cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1986,https://securityvulnerability.io/vulnerability/CVE-2024-1986,Arbitrary File Uploads Vulnerability in Booster Elite WooCommerce Plugin,"The Booster Elite for WooCommerce plugin for WordPress has a vulnerability allowing arbitrary file uploads due to missing file type validation in the wc_add_new_product() function. This issue is prevalent in all versions up to and including 7.1.7, exposing sites to potential remote code execution risks if the product upload functionality is enabled. Attackers with customer-level access or higher can exploit this vulnerability to upload unauthorized files to the server, posing significant security threats to the affected WordPress installations.",Wordpress,Booster Elite For WooCommerce,8.8,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2024-03-07T20:33:26.566Z,0
CVE-2022-4017,https://securityvulnerability.io/vulnerability/CVE-2022-4017,Booster for WooCommerce - Multiple CSRF,"The Booster for WooCommerce WordPress plugin, including its variants Booster Plus and Booster Elite, are susceptible to Cross-Site Request Forgery due to inadequate or absent CSRF protection mechanisms in several functionalities. This security flaw allows potential attackers to exploit authenticated sessions of legitimate users, executing unintended actions on their behalf without their consent.",Wordpress,"Booster For WooCommerce,Booster Plus For WooCommerce,Booster Elite For WooCommerce",8.8,HIGH,0.0019399999873712659,false,,false,false,false,,false,false,2023-01-23T14:31:54.638Z,0
CVE-2022-4227,https://securityvulnerability.io/vulnerability/CVE-2022-4227,Booster for WooCommerce - Reflected Cross-Site Scripting,"The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting",Wordpress,"Booster For WooCommerce,Booster Plus For WooCommerce,Booster Elite For WooCommerce",6.1,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2022-12-26T12:28:11.362Z,0
CVE-2022-4016,https://securityvulnerability.io/vulnerability/CVE-2022-4016,Booster for WooCommerce - Custom Role Creation/Deletion via CSRF,"The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks",Wordpress,"Booster For WooCommerce,Booster Plus For WooCommerce,Booster Elite For WooCommerce",6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2022-12-12T17:57:10.870Z,0
CVE-2022-3762,https://securityvulnerability.io/vulnerability/CVE-2022-3762,Booster for WooCommerce - ShopManager+ Arbitrary File Download,"The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)",Wordpress,"Booster For WooCommerce,Booster Plus For WooCommerce,Booster Elite For WooCommerce",6.5,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2022-11-21T00:00:00.000Z,0
CVE-2022-3763,https://securityvulnerability.io/vulnerability/CVE-2022-3763,Booster for WooCommerce - Checkout Files Deletion via CSRF,"The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack",Wordpress,"Booster For WooCommerce,Booster Plus For WooCommerce,Booster Elite For WooCommerce",8.1,HIGH,0.0006900000153109431,false,,false,false,false,,false,false,2022-11-21T00:00:00.000Z,0