VYPR

Booster For Woocommerce

by WordPress

CVEs (25)

  • CVE-2023-4945MedSep 14, 2023
    risk 0.35cvss 6.4epss 0.00

    The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

  • CVE-2022-41805MedNov 18, 2022
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.

  • CVE-2024-9170MedNov 26, 2024
    risk 0.29cvss 5.5epss 0.00

    The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2023-4796MedOct 20, 2023
    risk 0.21cvss 4.3epss 0.01

    The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated…

  • CVE-2024-13342Aug 29, 2025
    risk 0.00cvss epss 0.01

    The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary…

Page 2 of 2