CVE-2026-32586

Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through 7.11.3...

EUVD-2026-11095

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize on the data, this could be furth...

CVE-2025-13377

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...

WordPress plugin WP DB Booster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-3957

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

PT-2024-39468 · WordPress · Booster For Woocommerce

Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce plugin for WordPress versions up to, and including, 7.2.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wcj product meta shortcode due to insufficient input sanitization and output...

WordPress plugin Booster for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

CVE-2024-3957

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

WordPress Plugin SEO Booster 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Booster for WooCommerce Plugin <= 7.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.7 Fixed in 7.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29760 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ccd1007ae31 Credits Rafie Muhammad Patchstac...

CVE-2024-1534

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.1 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-48333 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b3744065c2d4 Credits Dave Jong...

WordPress Mobile Booster Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Mobile Booster Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2238d1fec34d Credits Rafie Muhammad Patchstack Required...

PT-2022-26350 · WordPress · Booster Elite For Woocommerce +2

Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce WordPress plugin versions prior to 5.6.3 Booster Plus for WooCommerce WordPress plugin versions prior to 6.0.0 Booster Elite for WooCommerce WordPress plugin versions prior to 6.0.0 Description: The issue is related to...

CVE-2022-3763

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in...

PT-2022-24034 · WordPress · Booster Elite For Woocommerce +2

Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce WordPress plugin versions prior to 5.6.7 Booster Plus for WooCommerce WordPress plugin versions prior to 5.6.5 Booster Elite for WooCommerce WordPress plugin versions prior to 1.1.7 Description: The issue allows...

WordPress plugin 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Booster for WooCommerce, which stems from the program's failure to filter and...

CVE-2021-24747

The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fnmyajaxifieddataloaderajax" AJAX request as the $REQUEST'order'0'dir' parameter is not properly escaped leading to blind and error-based SQL injections...

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module

The plugin does not sanitise and escape the wcjdeleterole parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue PoC The "General" module needs to be enabled in "Woocommerce - Booster Settings - Booster"...