CVE-2022-4017

HIGH

8.8

Description

The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks

Details CVE

Score CVSS v3.18.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie1/23/2023

Derniere modification4/2/2025

Sourcenvd

Observations honeypot0

Produits affectes

booster:booster_elite_woocommercebooster:booster_for_woocommercebooster:booster_plus_woocommerce

References

https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4(contact@wpscan.com)

https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.