8.1
CVE-2022-3763
- EPSS 0.37%
- Veröffentlicht 21.11.2022 11:15:21
- Zuletzt bearbeitet 30.04.2025 16:15:25
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginBooster for WooCommerce - Checkout Files Deletion via CSRF
Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion
Booster Elite for WooCommerce < 1.1.7 - Cross-Site Request Forgery
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack
Mögliche Gegenmaßnahme
Booster Plus for WooCommerce: Update to version 5.6.5, or a newer patched version
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools: Update to version 5.6.7, or a newer patched version
Booster Elite for WooCommerce: Update to version 1.1.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Booster ≫ Booster For Woocommerce SwEditionelite SwPlatformwordpress Version < 1.1.7
Booster ≫ Booster For Woocommerce SwEditionplus SwPlatformwordpress Version < 5.6.5
Booster ≫ Booster For Woocommerce SwPlatformwordpress Version < 5.6.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Booster Plus for WooCommerce
Version
*-5.6.4
SystemWordPress Plugin
≫
Produkt
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
Version
*-5.6.6
SystemWordPress Plugin
≫
Produkt
Booster Elite for WooCommerce
Version
[*, 1.1.7)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.287 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
|
https://wpscan.com/vulnerability/7ab15530-8321-487d-97a5-1469b51fcc3f
https://www.wordfence.com/threat-intel/vulnerabilities/id/3acbdb2a-e7c6-4062-b48a-7035e464edaf
https://www.wordfence.com/threat-intel/vulnerabilities/id/60679026-13a3-4702-91a3-876636f3c5bc