CVE-2022-4017
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
58.5%
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| booster | booster_elite_woocommerce | * | cpe:2.3:a:booster:booster_elite_woocommerce:*:*:*:*:*:wordpress:*:* |
| booster | booster_for_woocommerce | * | cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:* |
| booster | booster_plus_woocommerce | * | cpe:2.3:a:booster:booster_plus_woocommerce:*:*:*:*:*:wordpress:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
58.5%