cleantalk
Vulnerabilities and Security Researches

Booster for WooCommerce, CVE-2024-13342

CVE, Research URL

CVE-2024-13342

Home page URL

Security reports for Booster for WooCommerce

Application

Booster for WooCommerce

Published on
Aug 29, 2025
Research Description
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
Affected versions
Min -, max 7.2.5.
Status
vulnerable
Previous vulnerability researches
Epeken All Kurir Plugin for Woocommerce Full Version (CVE-2025-32673) , Apr 11, 2025
Epeken All Kurir Plugin for Woocommerce Full Version (CVE-2025-58212) , Aug 30, 2025
New vulnerability
Related Posts Lite (CVE-2025-9618) , Sep 01, 2025
Ocean Extra (CVE-2025-9499) , Sep 01, 2025
Amministrazione Trasparente (CVE-2025-5083) , Sep 01, 2025
Team Member Showcase Staff List Plugin – Employee Spotlight (CVE-2025-53583) , Sep 01, 2025
Printeers Print & Ship (CVE-2025-48081) , Sep 01, 2025