cleantalk
Vulnerabilities and Security Researches

Booster for WooCommerce, CVE-2022-3763

CVE, Research URL

CVE-2022-3763

Home page URL

Security reports for Booster for WooCommerce

Application

Booster for WooCommerce

Published on
Nov 21, 2022
Research Description
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack
Affected versions
Min -, max 5.6.7.
Status
vulnerable
Previous vulnerability researches
Booster for WooCommerce (CVE-2022-3763) , Jun 07, 2024
Booster for WooCommerce (CVE-2021-34646) , Jun 07, 2024
Booster for WooCommerce (CVE-2021-24999) , Jun 07, 2024
Booster for WooCommerce (CVE-2021-25000) , Jun 07, 2024
Booster for WooCommerce (CVE-2018-20966) , Jun 07, 2024
New vulnerability
Product Filter by WBW (CVE-2025-2317) , Apr 05, 2025
Widget Manager Light (CVE-2025-31768) , Apr 05, 2025
Residential Address Detection (CVE-2025-30916) , Apr 05, 2025
SWM – Shopify to WooCommerce Migration (CVE-2025-31795) , Apr 05, 2025
include-file (CVE-2025-30596) , Apr 05, 2025