Unrated severityNVD Advisory· Published Dec 12, 2022· Updated Apr 22, 2025
Booster for WooCommerce - Custom Role Creation/Deletion via CSRF
CVE-2022-4016
Description
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<1.1.8+ 1 more
- (no CPE)range: <1.1.8
- (no CPE)range: <1.1.8
- Range: <5.6.6
- Range: <5.6.7
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/9b77044c-fd3f-4e6f-a759-dcc3082dcbd6mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.