Booster for WooCommerce – Checkout Files Deletion via CSRF | CVE 2022-3763 | Plugin Vulnerabilities

Description

The plugins do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack

Proof of Concept

Requirements:
- Enable the "Checkout File Upload" module of the plugin (/wp-admin/admin.php?page=wc-settings&tab=jetpack&wcj-cat=dashboard&section=all_module)

To delete the checkout files from the Order ID 1, Make a logged in shop manager or admin open: https://example.com/wp-admin/?wcj_download_checkout_file_admin_delete_all=1

Affects Plugins

woocommerce-jetpack

Fixed in 5.6.7

booster-plus-for-woocommerce

Fixed in 5.6.5

booster-elite-for-woocommerce

Fixed in 1.1.7

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

WPScan

Verified

Yes

WPVDB ID

7ab15530-8321-487d-97a5-1469b51fcc3f

Timeline

Publicly Published

2022-10-31 (about 3 years ago)

Added

2022-10-31 (about 3 years ago)

Last Updated

2022-11-02 (about 3 years ago)

Other

Published

Title

Published

2025-04-24

Title

Call Now PHT Blog <= 2.4.1 - Cross-Site Request Forgery

Published

2024-11-13

Title

wp-login customizer <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-04-17

Title

Amazon Showcase WordPress Plugin <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-03-31

Title

Leadfox for WordPress < 2.2.0 - Stored XSS via CSRF

Published

2024-07-11

Title

MBE eShip < 2.2.1 - Cross-Site Request Forgery