Log out
Get PRO

Latest

Access violation vulnerability in Booster Plus for WooCommerce 5.6.0

  • Severity: medium-risk
  • Status: Fixed
  • Publication: September 19, 2022

The Booster for WooCommerce plugin, used in WordPress websites, has a security vulnerability that allows people with an account and at least a ‘subscriber’ level of permission to modify their own orders. This includes the ability to mark the orders as paid even if they have not paid for them. This vulnerability is present in versions 5.6.2 (free) and 5.6.0 (premium) of the plugin.

Detected in:

Booster for WooCommerce fixed vulnerable versions: >= * <= 5.6.2
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools fixed vulnerable versions:
Booster for WooCommerce – PDF Invoices, Bulk Price Editor, Currency Switcher & 100+ Tools fixed vulnerable versions:
Booster Plus for WooCommerce fixed vulnerable versions: >= * <= 5.6.0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.