Booster for WooCommerce – Checkout Files Deletion via CSRF | CVE 2022-3763 | Plugin Vulnerabilities

Description

The plugins do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack

Proof of Concept

Requirements:
- Enable the "Checkout File Upload" module of the plugin (/wp-admin/admin.php?page=wc-settings&tab=jetpack&wcj-cat=dashboard&section=all_module)

To delete the checkout files from the Order ID 1, Make a logged in shop manager or admin open: https://example.com/wp-admin/?wcj_download_checkout_file_admin_delete_all=1

Affects Plugins

woocommerce-jetpack

Fixed in 5.6.7

booster-plus-for-woocommerce

Fixed in 5.6.5

booster-elite-for-woocommerce

Fixed in 1.1.7

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

WPScan

Verified

Yes

WPVDB ID

7ab15530-8321-487d-97a5-1469b51fcc3f

Timeline

Publicly Published

2022-10-31 (about 1 years ago)

Added

2022-10-31 (about 1 years ago)

Last Updated

2022-11-02 (about 1 years ago)

Other

Published

Title

Published

2019-01-14

Title

Companion Sitemap Generator < 3.7.0 - CSRF

Published

2023-11-07

Title

Auto Affiliate Links < 6.4.2.5 - Settings Update to Stored XSS via CSRF

Published

2023-07-17

Title

WooCommerce Ship to Multiple Addresses < 3.8.6 - Cross-Site Request Forgery

Published

2018-09-17

Title

File Manager < 3.1 - CSRF to Stored Cross-Site Scripting

Published

2020-09-26

Title

WooCommerce Checkout & Funnel Builder by CartFlows < 1.5.16 - Cross-Site Request Forgery