Log out
Get PRO

Latest

Input validation vulnerability in Booster Plus for WooCommerce 5.6.4

  • Severity: high-risk
  • Status: Fixed
  • Publication: October 31, 2022

The Booster for WooCommerce plugin for WordPress has a security vulnerability in versions up to 5.6.6 (Free) and 5.6.4 (Premium). This flaw allows unauthenticated attackers to delete files uploaded during checkout without needing to be authenticated. This can be done by getting a Shop Manager to click on a malicious link. To protect against this, the plugin should be updated to ensure that nonce validation is performed when deleting files.

Detected in:

Booster for WooCommerce fixed vulnerable versions: >= * <= 5.6.6
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools fixed vulnerable versions:
Booster for WooCommerce – PDF Invoices, Bulk Price Editor, Currency Switcher & 100+ Tools fixed vulnerable versions:
Booster Plus for WooCommerce fixed vulnerable versions: >= * <= 5.6.4

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.