Medium severity6.5NVD Advisory· Published May 2, 2024· Updated Apr 8, 2026

CVE-2024-3957

Description

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide.

Affected products

Booster/Booster For Woocommerce
cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*
Range: <7.1.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changesetnvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/1653de8f-62eb-488b-9e97-8b30221b509fnvdThird Party Advisory
plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/class-wcj-product-by-user.phpnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000