cleantalk
Vulnerabilities and Security Researches

Booster for WooCommerce, CVE-2024-12278

CVE, Research URL

CVE-2024-12278

Home page URL

Security reports for Booster for WooCommerce

Application

Booster for WooCommerce

Published on
Apr 01, 2025
Research Description
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 7.2.6.
Status
vulnerable
Previous vulnerability researches
Starter Templates — Elementor, WordPress & Beaver Builder Templates (CVE-2023-41805) , Jun 10, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates (CVE-2024-47345) , Sep 30, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates , Dec 24, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates (CVE-2025-24568) , Jan 25, 2025
Starter Templates — Elementor, WordPress & Beaver Builder Templates (CVE-2024-4630) , Jun 06, 2024
New vulnerability
Quick Localization (Quick Localisation) (CVE-2025-30607) , Apr 03, 2025
WishSuite – Wishlist for WooCommerce (CVE-2025-30820) , Apr 03, 2025
wpShopGermany IT-RECHT KANZLEI (CVE-2025-30804) , Apr 03, 2025
Fusion Page Builder (CVE-2025-31549) , Apr 03, 2025
WP Fast Total Search – The Power of Indexed Search (CVE-2025-30894) , Apr 03, 2025