Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:59DD870F-72A8-443F-8978-E946CE413230
HistoryNov 29, 2023 - 12:00 a.m.

Booster for WooCommerce < 7.1.2 - Authenticated (Subscriber+) Information Disclosure via Shortcode

2023-11-2900:00:00
wpscan.com
30
woocommerce
wordpress
vulnerability
information disclosure
shortcode
authenticated
subscriber+
attackers
sensitive site options

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

18.1%

JSON

Description The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the ‘wcj_get_option’ shortcode in versions up to, and including, 7.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.

Related

nvd 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2023-40002
2023-11-23 00:15:08
prion
prion
Design/Logic Flaw
2023-11-23 00:15:00
cvelist
cvelist
CVE-2023-40002 WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure
2023-11-22 23:57:37
cve
cve
CVE-2023-40002
2023-11-23 00:15:08

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

18.1%

JSON
Related for WPVDB-ID:59DD870F-72A8-443F-8978-E946CE413230
nvd1prion1cvelist1cve1