WordPress Plugin Vulnerabilities

Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure

Description

The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with susbcriber-level access and above, to access arbitrary order information.

Affects Plugins

Plugin icon
booster-plus-for-woocommerce
Fixed in 7.1.2

References

CVE
CVE-2023-52231
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/38a90190-569f-46d8-bef4-fe28caf5e2fc

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
c4c3570b-375a-4cd7-9f4e-bb27cc62986f

Timeline

Publicly Published
2024-01-05 (about 2 years ago)
Added
2024-01-12 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-12-15
Title
Protect WP Admin < 4.2 - Missing Authorization
Published
2025-01-16
Title
Contact Form 7 Anti Spambot <= 1.0.1 - Missing Authorization
Published
2024-05-16
Title
ReviewX – Multi-criteria Rating & Reviews for WooCommerce < 1.6.28 - Missing Authorization
Published
2025-09-10
Title
My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
Published
2024-12-03
Title
Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission