Booster

Booster For Woocommerce

37 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-64380

  • EPSS 0.05%
  • Veröffentlicht 13.11.2025 09:24:34
  • Zuletzt bearbeitet 30.01.2026 18:15:58

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.3.2.

4.3

CVE-2025-64379

  • EPSS 0.04%
  • Veröffentlicht 13.11.2025 09:24:34
  • Zuletzt bearbeitet 20.01.2026 15:18:58

Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0.

7.1

CVE-2025-64196

  • EPSS 0.05%
  • Veröffentlicht 06.11.2025 15:56:07
  • Zuletzt bearbeitet 20.01.2026 15:18:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.2.5.

9.8

CVE-2024-13342

  • EPSS 0.26%
  • Veröffentlicht 29.08.2025 10:54:01
  • Zuletzt bearbeitet 08.12.2025 19:02:48

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated ...

6.1

CVE-2025-39446

  • EPSS 0.04%
  • Veröffentlicht 19.05.2025 18:55:54
  • Zuletzt bearbeitet 08.12.2025 18:55:39

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus for WooCommerce: from n/a through 7.2.4.

7.2

CVE-2024-13708

  • EPSS 0.57%
  • Veröffentlicht 04.04.2025 05:22:46
  • Zuletzt bearbeitet 09.04.2025 17:55:11

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attac...

9.8

CVE-2024-13744

  • EPSS 1.58%
  • Veröffentlicht 04.04.2025 04:21:22
  • Zuletzt bearbeitet 09.04.2025 18:09:50

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthent...

6.1

CVE-2024-12278

  • EPSS 0.53%
  • Veröffentlicht 01.04.2025 07:15:38
  • Zuletzt bearbeitet 10.04.2025 13:19:57

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitizat...

4.8

CVE-2024-9170

  • EPSS 0.27%
  • Veröffentlicht 26.11.2024 09:15:06
  • Zuletzt bearbeitet 05.02.2025 16:42:39

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user s...

6.1

CVE-2024-9239

  • EPSS 1.25%
  • Veröffentlicht 20.11.2024 07:15:10
  • Zuletzt bearbeitet 05.02.2025 16:41:42

The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it pos...