CVE-2022-3763

Exploit

EPSS 0.15%
Veröffentlicht 21.11.2022 11:15:21
Zuletzt bearbeitet 30.04.2025 16:15:25
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion

Booster Elite for WooCommerce < 1.1.7 - Cross-Site Request Forgery

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack

Mögliche Gegenmaßnahme

Booster Plus for WooCommerce: Update to version 5.6.5, or a newer patched version

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools: Update to version 5.6.7, or a newer patched version

Booster Elite for WooCommerce: Update to version 1.1.7, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Booster Plus for WooCommerce

Version *-5.6.4

SystemWordPress Plugin

≫

Produkt Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

Version *-5.6.6

SystemWordPress Plugin

≫

Produkt Booster Elite for WooCommerce

Version [*, 1.1.7)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Booster ≫ Booster For Woocommerce SwEditionelite SwPlatformwordpress Version < 1.1.7

Booster ≫ Booster For Woocommerce SwEditionplus SwPlatformwordpress Version < 5.6.5

Booster ≫ Booster For Woocommerce SwPlatformwordpress Version < 5.6.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.365

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/7ab15530-8321-487d-97a5-1469b51fcc3f

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/3acbdb2a-e7c6-4062-b48a-7035e464edaf

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/60679026-13a3-4702-91a3-876636f3c5bc

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3763

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3763

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3763

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3763