Lucene search

WordfenceCVELIST:CVE-2023-4796

HistoryOct 20, 2023 - 7:29 a.m.

CVE-2023-4796

2023-10-2007:29:25

Wordfence

www.cve.org

wordpress

information disclosure

vulnerability

booster for woocommerce

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

24.4%

JSON

The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the ‘wcj_wp_option’ shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.

CNA Affected

[
  {
    "vendor": "pluggabl",
    "product": "Booster for WooCommerce",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "7.1.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.0/includes/shortcodes/class-wcj-general-shortcodes.php#L450

plugins.trac.wordpress.org/changeset/2966325/woocommerce-jetpack#file1

www.wordfence.com/threat-intel/vulnerabilities/id/a4cd49b2-ff93-4582-906b-b690d8472c38?source=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

24.4%

JSON

Related for CVELIST:CVE-2023-4796