6.5
CVE-2022-4016
- EPSS 0.27%
- Veröffentlicht 12.12.2022 18:15:13
- Zuletzt bearbeitet 22.04.2025 15:16:08
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginBooster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks
Mögliche Gegenmaßnahme
Booster Elite for WooCommerce: Update to version 1.1.8, or a newer patched version
Booster Plus for WooCommerce: Update to version 5.6.6, or a newer patched version
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools: Update to version 5.6.7, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Booster Elite for WooCommerce
Version
*-1.1.7
SystemWordPress Plugin
≫
Produkt
Booster Plus for WooCommerce
Version
*-5.6.5
SystemWordPress Plugin
≫
Produkt
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
Version
*-5.6.6
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Booster ≫ Booster For Woocommerce SwEditionelite SwPlatformwordpress Version < 1.1.8
Booster ≫ Booster For Woocommerce SwEditionplus SwPlatformwordpress Version < 5.6.6
Booster ≫ Booster For Woocommerce SwPlatformwordpress Version < 5.6.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.499 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|