cleantalk
Vulnerabilities and Security Researches

Booster for WooCommerce, CVE-2024-13708

CVE, Research URL

CVE-2024-13708

Home page URL

Security reports for Booster for WooCommerce

Application

Booster for WooCommerce

Published on
Apr 04, 2025
Research Description
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions
Min -, max 7.2.5.
Status
vulnerable
Previous vulnerability researches
Teleport (CVE-2025-28855) , Mar 29, 2025
New vulnerability
Showeblogin Social Plugin (CVE-2025-32169) , Apr 06, 2025
Video & Photo Gallery for Ultimate Member (CVE-2025-32121) , Apr 06, 2025
Sidebar Manager Light (CVE-2025-32112) , Apr 06, 2025
CRM WordPress Plugin – RepairBuddy (CVE-2025-32277) , Apr 06, 2025
Ni WooCommerce Cost Of Goods (CVE-2025-32207) , Apr 06, 2025