Описание
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.7 (исключая)Версия до 5.6.5 (исключая)Версия до 5.6.7 (исключая)
Одно из
cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:elite:wordpress:*:*
cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:plus:wordpress:*:*
cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 36%
0.00154
Низкий
8.1 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 8.1
github
около 3 лет назад
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack
EPSS
Процентиль: 36%
0.00154
Низкий
8.1 High
CVSS3