cleantalk
Vulnerabilities and Security Researches

Booster for WooCommerce, eff37fad-7c19-43a1-a88d-0c10c1f75e16

CVE, Research URL

eff37fad-7c19-43a1-a88d-0c10c1f75e16

Home page URL

Security reports for Booster for WooCommerce

Application

Booster for WooCommerce

Published on
-
Research Description
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches &amp; 100+ Tools [woocommerce-jetpack] < 7.1.0 Booster for WooCommerce &lt; 7.1.0 - Shop Manager+ Missing Authorization to Arbitrary Options Update The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the &#039;manage_options&#039; function in versions up to, and including, 7.0.0. This makes it possible for authenticated attackers with Shop Manager privileges to update arbitrary site options.
Affected versions
max 7.1.0.
Status
vulnerable
Previous vulnerability researches
WordPress Connect (feaf7c04-4991-4c34-bfbf-d849a9e38599) , Jun 16, 2026
WordPress Connect (5b2d1beeae1454c4c4f60eac4f084fd504540b28) , Jun 16, 2026
WordPress Connect (b326cdbf2040aa8eeb688f951965600d9b290062) , Jun 06, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026