Booster for WooCommerce < 7.1.3 – Missing Authorization to Product Creation/Modification | CVE 2023-48747 | Plugin Vulnerabilities

Description

The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcj_product_add_new() function in all versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create and modify products

Affects Plugins

woocommerce-jetpack

Fixed in 7.1.3

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/00ec2f57-48ee-49ea-ae8f-e7b24bf4535c

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Dave Jong

Verified

No

WPVDB ID

917c3814-258f-451e-bca4-4f78cb7d6a75

Timeline

Publicly Published

2023-11-24 (about 2 years ago)

Added

2023-11-29 (about 2 years ago)

Last Updated

2024-01-22 (about 2 years ago)

Other

Published

Title

Published

2024-07-06

Title

Get Better Reviews for WooCommerce <= 4.0.6 - Missing Authorization

Published

2023-11-01

Title

Funnelforms Free < 3.4.2 - Missing Authorization to Arbitrary Post Duplication

Published

2026-01-22

Title

KiviCare – Clinic & Patient Management System (EHR) < 3.6.16 - Missing Authorization to Unauthenticated Limited Arbitrary File Upload

Published

2025-07-11

Title

Product XML Feed Manager for WooCommerce < 2.9.3 - Missing Authorization

Published

2025-04-02

Title

Local Magic <= 2.9.0 - Missing Authorization