PT-2022-24030 · WordPress · Booster For Woocommerce+2

Published

2022-11-21

Updated

2022-11-23

CVE-2022-3762

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Booster for WooCommerce WordPress plugin versions prior to 5.6.7 Booster Plus for WooCommerce WordPress plugin versions prior to 5.6.5 Booster Elite for WooCommerce WordPress plugin versions prior to 1.1.7

Description The issue allows ShopManager and Admin to download arbitrary files from the server, even when they are not supposed to have this access, for example in multisite environments. This is due to the plugins not validating files to download in some of their modules.

Recommendations For Booster for WooCommerce WordPress plugin versions prior to 5.6.7, update to version 5.6.7 or later. For Booster Plus for WooCommerce WordPress plugin versions prior to 5.6.5, update to version 5.6.5 or later. For Booster Elite for WooCommerce WordPress plugin versions prior to 1.1.7, update to version 1.1.7 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-3762

Affected Products

Booster Elite For Woocommerce

Booster Plus For Woocommerce

Booster For Woocommerce

PT-2022-24030 · WordPress · Booster For Woocommerce+2

CVE-2022-3762

Related Identifiers

Affected Products

References · 4