CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
37.9%
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack
Vendor | Product | Version | CPE |
---|---|---|---|
booster | booster_for_woocommerce | * | cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:elite:wordpress:*:* |
booster | booster_for_woocommerce | * | cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:plus:wordpress:*:* |
booster | booster_for_woocommerce | * | cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:* |
[
{
"vendor": "Unknown",
"product": "Booster for WooCommerce",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "5.6.7"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
},
{
"vendor": "Unknown",
"product": "Booster Plus for WooCommerce",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "5.6.5"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Unknown",
"product": "Booster Elite for WooCommerce",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.1.7"
}
],
"defaultStatus": "unaffected"
}
]
More
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
37.9%