CVE-2022-4227

EPSS 0.41%
Veröffentlicht 26.12.2022 13:15:13
Zuletzt bearbeitet 14.04.2025 14:15:22
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Booster for WooCommerce - Reflected Cross-Site Scripting

Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting

The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

Mögliche Gegenmaßnahme

Booster Elite for WooCommerce: Update to version 6.0.0, or a newer patched version

Booster Plus for WooCommerce: Update to version 6.0.0, or a newer patched version

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools: Update to version 5.6.3, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Booster ≫ Booster Elite For Woocommerce SwPlatformwordpress Version < 6.0.0

Booster ≫ Booster For Woocommerce SwPlatformwordpress Version < 5.6.3

Booster ≫ Booster Plus For Woocommerce SwPlatformwordpress Version < 6.0.0

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Booster Elite for WooCommerce

Version [*, 6.0.0)

SystemWordPress Plugin

≫

Produkt Booster Plus for WooCommerce

Version [*, 6.0.0)

SystemWordPress Plugin

≫

Produkt Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

Version *-5.6.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.322

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/90d3022c-5d35-4ef2-ab87-6919268db890

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/c4d86204-51df-4adf-aac4-f5e007d9f3c3

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4227

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4227

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4227

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-4227