9 matches found
CVE-2026-32586
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through 7.11.3...
WordPress Booster for WooCommerce plugin <= 7.3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Booster for WooCommerce versions = 7.3.2...
EUVD-2022-51397
Malicious code in bioql PyPI...
CVE-2024-13342 Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addfilestoorder' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double...
CVE-2022-4017
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in...
CVE-2022-4017
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in...
CVE-2022-4227
The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site...
CVE-2022-3762
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrar...
PT-2022-26080 · WordPress · Booster For Woocommerce
Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce plugin versions = 5.6.6 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...