Booster for WooCommerce - Checkout Files Deletion via CSRF
CVE-2022-3763

8.1HIGH

Key Information:

Vendor
Wordpress
Status
Booster For WooCommerce
Booster Plus For WooCommerce
Booster Elite For WooCommerce
Vendor
CVE Published:
21 November 2022

Summary

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack

Affected Version(s)

Booster Elite for WooCommerce 0 < 1.1.7

Booster for WooCommerce 0 < 5.6.7

Booster Plus for WooCommerce 0 < 5.6.5

References

https://wpscan.com/vulnerability/7ab15530-8321-487d-97a5-...
exploitvdb-entrytechnical-description

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

WPScan
.