CVE-2022-3762

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:elite:wordpress:*:*
cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:plus:wordpress:*:*
cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:20

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/96ef4bb8-a054-48ae-b29c-b3060acd01ac - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/96ef4bb8-a054-48ae-b29c-b3060acd01ac - Exploit, Third Party Advisory

07 Nov 2023, 03:51

Type Values Removed Values Added
CWE CWE-22

Information

Published : 2022-11-21 11:15

Updated : 2024-11-21 07:20


NVD link : CVE-2022-3762

Mitre link : CVE-2022-3762

CVE.ORG link : CVE-2022-3762


JSON object : View

Products Affected

booster

  • booster_for_woocommerce
CWE

No CWE.