2 matches found
CVE-2022-4016 Booster for WooCommerce - Custom Role Creation/Deletion via CSRF
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins...
CVE-2022-4016
The CVE-2022-4016 issue affects Booster for WooCommerce, Booster Plus for WooCommerce, and Booster Elite for WooCommerce WordPress plugins (versions prior to 5.6.7, 5.6.6, and 1.1.8 respectively). The vulnerability is a CSRF flaw in the creation and deletion of Customer roles, which could allow a...