cleantalk
Vulnerabilities and Security Researches

Booster for WooCommerce, CVE-2021-24999

CVE, Research URL

CVE-2021-24999

Home page URL

Security reports for Booster for WooCommerce

Application

Booster for WooCommerce

Published on
Jan 03, 2022
Research Description
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting
Affected versions
Min -, max 5.4.9.
Status
vulnerable
Previous vulnerability researches
Booster for WooCommerce (CVE-2022-3763) , Jun 07, 2024
Booster for WooCommerce (CVE-2021-34646) , Jun 07, 2024
Booster for WooCommerce (CVE-2021-24999) , Jun 07, 2024
Booster for WooCommerce (CVE-2021-25000) , Jun 07, 2024
Booster for WooCommerce (CVE-2018-20966) , Jun 07, 2024
New vulnerability
Product Filter by WBW (CVE-2025-2317) , Apr 05, 2025
Widget Manager Light (CVE-2025-31768) , Apr 05, 2025
Residential Address Detection (CVE-2025-30916) , Apr 05, 2025
SWM – Shopify to WooCommerce Migration (CVE-2025-31795) , Apr 05, 2025
include-file (CVE-2025-30596) , Apr 05, 2025