CVE-2022-4016

2022-12-1218:15:13

[email protected]

web.nvd.nist.gov

booster

woocommerce

wordpress

csrf

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.1%

JSON

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks

Affected configurations

Nvd

Node

boosterbooster_for_woocommerceRange<1.1.8elitewordpress

boosterbooster_for_woocommerceRange<5.6.6pluswordpress

boosterbooster_for_woocommerceRange<5.6.7wordpress

VendorProductVersionCPE
boosterbooster_for_woocommerce*cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:elite:wordpress:*:*
boosterbooster_for_woocommerce*cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:plus:wordpress:*:*
boosterbooster_for_woocommerce*cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
booster	booster_for_woocommerce	*	cpe:2.3:a:booster:booster_for_woocommerce:::::elite:wordpress::
booster	booster_for_woocommerce	*	cpe:2.3:a:booster:booster_for_woocommerce:::::plus:wordpress::
booster	booster_for_woocommerce	*	cpe:2.3:a:booster:booster_for_woocommerce::::::wordpress::*