Booster for WooCommerce – Multiple CSRF | CVE 2022-4017

Affects Plugins

woocommerce-jetpack

Fixed in 6.0.1

booster-plus-for-woocommerce

Fixed in 6.0.1

booster-elite-for-woocommerce

Fixed in 6.0.1

References

CVE

CVE-2022-4017

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

WPScan

Verified

Yes

WPVDB ID

609072d0-9bb9-4fe0-9626-7e4a334ca3a4

Timeline

Publicly Published

2023-01-02 (about 1 years ago)

Added

2023-01-02 (about 1 years ago)

Last Updated

2023-01-02 (about 1 years ago)

Other

Published

Title

Published

2024-04-26

Title

Radio Station by netmix® – Manage and play your Show Schedule in WordPress! < 2.5.8 - Cross-Site Request Forgery to Notice Dismissal

Published

2023-02-07

Title

Wicked Folders < 2.18.17 - Folder Structure Update via CSRF

Published

2024-04-12

Title

Libsyn Publisher Hub <= 1.4.4 - Cross-Site Request Forgery

Published

2021-06-30

Title

Journey Analytics < 1.0.13 - Unauthorised AJAX call via CSRF

Published

2024-01-08

Title

LiveChat WooCommerce < 2.2.17 - Cross-Site Request Forgery