Missing Authorization Flaw in Booster for WooCommerce by Pluggabl
CVE-2025-64379
4.3MEDIUM
What is CVE-2025-64379?
A Missing Authorization vulnerability exists in Booster for WooCommerce, allowing unauthorized users to exploit incorrectly configured access controls. This issue affects versions up to 7.4.0, posing a risk for users who may inadvertently expose sensitive functionalities. It is crucial for site administrators to review their configurations and apply appropriate updates to mitigate exposure. Regular audits and monitoring are recommended to maintain a secure environment.
Affected Version(s)
Booster for WooCommerce <= n/a
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Legion Hunter | Patchstack Bug Bounty Program