CVE-2022-4016

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Booster for WooCommerce WordPress plugin versions prior to 5.6.7 Booster Plus for WooCommerce WordPress plugin versions prior to 5.6.6 Booster Elite for WooCommerce WordPress plugin versions prior to 1.1.8

Description The issue concerns a failure to properly check for CSRF when creating and deleting Customer roles. This allows attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks.

Recommendations For Booster for WooCommerce WordPress plugin versions prior to 5.6.7, update to version 5.6.7 or later. For Booster Plus for WooCommerce WordPress plugin versions prior to 5.6.6, update to version 5.6.6 or later. For Booster Elite for WooCommerce WordPress plugin versions prior to 1.1.8, update to version 1.1.8 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-4016

Affected Products

Booster Elite For Woocommerce

Booster Plus For Woocommerce

Booster For Woocommerce

CVE-2022-4016

Related Identifiers

Affected Products

References · 5