CVE-2022-3762

Exploit

EPSS 0.91%
Veröffentlicht 21.11.2022 11:15:21
Zuletzt bearbeitet 30.04.2025 16:15:25
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Booster for WooCommerce - ShopManager+ Arbitrary File Download

Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download

Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)

Mögliche Gegenmaßnahme

Booster Plus for WooCommerce: Update to version 5.6.5, or a newer patched version

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools: Update to version 5.6.7, or a newer patched version

Booster Elite for WooCommerce: Update to version 1.1.7, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

NVD 3 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Booster ≫ Booster For Woocommerce SwEditionelite SwPlatformwordpress Version < 1.1.7

Booster ≫ Booster For Woocommerce SwEditionplus SwPlatformwordpress Version < 5.6.5

Booster ≫ Booster For Woocommerce SwPlatformwordpress Version < 5.6.7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Booster Plus for WooCommerce

Version *-5.6.4

SystemWordPress Plugin

≫

Produkt Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

Version *-5.6.6

SystemWordPress Plugin

≫

Produkt Booster Elite for WooCommerce

Version [*, 1.1.7)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.91%	0.554

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/96ef4bb8-a054-48ae-b29c-b3060acd01ac

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/6d8f7252-5e91-4e42-a6a5-056da491b4f1

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/7c1e63df-d326-40bf-a428-fdb11150e8d1

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3762

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3762

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3762

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3762