CVE-2022-4017
Booster for WooCommerce - Multiple CSRF
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
23 Jan 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Unknown · Booster Elite for WooCommerceUnknown · Booster for WooCommerceUnknown · Booster Plus for WooCommerceWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →