Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:C79E8233-465F-4387-9F8A-EDBE44D8F14F
HistoryNov 29, 2023 - 12:00 a.m.

Booster for WooCommerce < 7.1.2 - Missing Authorization to Authenticated (Subscriber+) Order Information Disclosure

2023-11-2900:00:00
wpscan.com
3
woocommerce
plugin
wordpress
vulnerability
unauthorized access
data
missing capability check
attacker
subscriber-level access

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

18.1%

JSON

Description The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_atts() function in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order information.

Related

cve 1
cvelist 1
nvd 1
prion 1
wordfence 1
cve
cve
CVE-2023-48333
2023-11-30 15:15:09
cvelist
cvelist
CVE-2023-48333 WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure
2023-11-30 14:17:28
nvd
nvd
CVE-2023-48333
2023-11-30 15:15:09
prion
prion
Code injection
2023-11-30 15:15:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023)
2023-11-30 15:31:16

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

18.1%

JSON
Related for WPVDB-ID:C79E8233-465F-4387-9F8A-EDBE44D8F14F
cve1cvelist1nvd1prion1wordfence1