CVE-2022-4017

EPSS 0.23%
Veröffentlicht 23.01.2023 15:15:14
Zuletzt bearbeitet 02.04.2025 16:15:23
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery

The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks

Mögliche Gegenmaßnahme

Booster Elite for WooCommerce: Update to version 6.0.1, or a newer patched version

Booster Plus for WooCommerce: Update to version 6.0.1, or a newer patched version

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools: Update to version 6.0.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Booster Elite for WooCommerce

Version *-6.0.0

SystemWordPress Plugin

≫

Produkt Booster Plus for WooCommerce

Version *-6.0.0

SystemWordPress Plugin

≫

Produkt Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

Version *-6.0.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Booster ≫ Booster Elite Woocommerce SwPlatformwordpress Version < 6.0.1

Booster ≫ Booster For Woocommerce SwPlatformwordpress Version < 6.0.1

Booster ≫ Booster Plus Woocommerce SwPlatformwordpress Version < 6.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.452

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0af6e55d-def9-4bb1-ade9-56aa8184961c

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4017

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4017

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4017

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-4017