Описание
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.0.1 (исключая)Версия до 6.0.1 (исключая)Версия до 6.0.1 (исключая)
Одно из
cpe:2.3:a:booster:booster_elite_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:booster:booster_plus_woocommerce:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 43%
0.00208
Низкий
8.8 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 8.8
github
около 3 лет назад
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks
EPSS
Процентиль: 43%
0.00208
Низкий
8.8 High
CVSS3