The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/96ef4bb8-a054-48ae-b29c-b3060acd01ac | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/96ef4bb8-a054-48ae-b29c-b3060acd01ac | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/96ef4bb8-a054-48ae-b29c-b3060acd01ac - Exploit, Third Party Advisory |
07 Nov 2023, 03:51
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2022-11-21 11:15
Updated : 2024-11-21 07:20
NVD link : CVE-2022-3762
Mitre link : CVE-2022-3762
CVE.ORG link : CVE-2022-3762
JSON object : View
Products Affected
booster
- booster_for_woocommerce
CWE
No CWE.