116 matches found
CVE-2026-56027
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
EUVD-2026-39690
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
VulnCheck KEV: CVE-2024-13744
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validateproductinputfieldsonaddtocart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
EUVD-2026-12550
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a before 7.11.3...
CVE-2026-32586
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through 7.11.3...
CVE-2026-32586 WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through 7.11.3...
CVE-2026-32586
CVE-2026-32586 describes a Missing Authorization vulnerability in Booster for WooCommerce (WordPress plugin). Affected: Booster for WooCommerce versions prior to 7.11.3. Root cause: incorrectly configured access control/security levels allowing unauthorized actions. Impact: CVSS v3.1 base score 5...
CVE-2026-32586 WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through 7.11.3...
WordPress plugin Booster for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
CVE-2023-4945
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2025-64379
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through = 7.4.0...
CVE-2025-64380
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through = 7.3.2...
EUVD-2025-163768
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through = 7.3.2...
EUVD-2025-163769
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through = 7.4.0...
CVE-2025-64380
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through = 7.3.2...
CVE-2025-64380
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through = 7.3.2...
CVE-2025-64379
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through = 7.4.0...
CVE-2025-64379
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through = 7.4.0...
CVE-2025-64380 WordPress Booster for WooCommerce plugin <= 7.3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through = 7.3.2...
CVE-2025-64380
CVE-2025-64380 affects WordPress Booster for WooCommerce (woocommerce-jetpack) plugin, specifically versions up to and including 7.3.2. The root cause is improper input handling during web page generation, leading to a stored cross-site scripting (XSS) vulnerability. This means malicious script p...