WordPress Plugin Vulnerabilities

Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Arbitrary Page/Post Deletion

Description

The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary pages and posts.

Affects Plugins

Plugin icon
booster-plus-for-woocommerce
Fixed in 7.1.2

References

CVE
CVE-2023-52232
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/df65af54-ce55-4c50-8a62-5541a1879ad4

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
f9b8aed3-72ec-4aec-92fb-b3673e0ee805

Timeline

Publicly Published
2024-01-05 (about 2 years ago)
Added
2024-01-12 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-12-18
Title
DirectoryPress – Business Directory And Classified Ad Listing < 3.6.27 - Missing Authorization
Published
2024-06-06
Title
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages < 3.4.20 - Missing Authorization
Published
2025-09-05
Title
Gutentor <= 3.5.4 - Missing Authorization
Published
2024-05-20
Title
BookingPress < 1.0.83 - Missing Authorization to Appointment Time Alteration
Published
2025-12-31
Title
Wawp < 4.5 - Missing Authorization