CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27348 – WordPress WP Social SEO Booster plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-27348
24 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel WP Social SEO Booster – Knowledge Graph Social Signals SEO allows Stored XSS. This issue affects WP Social SEO Booster – Knowledge Graph Social Signals SEO: from n/a through 1.2.0. The WP Social SEO Booster – Knowledge Graph Social Signals SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output esc... • https://patchstack.com/database/wordpress/plugin/wp-social-seo-booster/vulnerability/wordpress-wp-social-seo-booster-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52428 – WordPress Ads Booster by Ads Pro plugin <= 1.12 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52428
15 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12. La vulnerabilidad de control inadecuado del nombre de archivo para la declaración Include/Require en el programa PHP ('Inclusión de archivo remoto PHP') en Scripteo Ads Booster de Ads Pro permite la inclusión de archivos locales PHP. Este problema afecta a Ads ... • https://patchstack.com/database/vulnerability/free-wp-booster-by-ads-pro/wordpress-ads-booster-by-ads-pro-plugin-1-12-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32438 – WordPress SEO Booster plugin <= 3.8.9 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32438
12 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in cleverplugins.Com SEO Booster.This issue affects SEO Booster: from n/a through 3.8.9. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Cleverplugins.Com SEO Booster. Este problema afecta a SEO Booster: desde n/a hasta 3.8.9. The SEO Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.9. This is due to missing or incorrect nonce validation on the deleteall and delete actions. • https://patchstack.com/database/vulnerability/seo-booster/wordpress-seo-booster-plugin-3-8-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52230 – WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-52230
05 Jan 2024 — Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. Vulnerabilidad de autorización faltante en Pluggabl LLC Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.3. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.3 (exclusi... • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-3-authenticated-arbitrary-wordpress-option-disclosure-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52231 – WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52231
05 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.2. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capabi... • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52232 – WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2023-52232
05 Jan 2024 — Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. Vulnerabilidad de autorización faltante en Pluggabl LLC Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.2. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive... • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-post-page-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52234 – WordPress Booster Elite for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52234
05 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Elite para WooCommerce. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.2. The Booster Elite for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capabilit... • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51511 – WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-51511
27 Dec 2023 — Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.3. Vulnerabilidad de autenticación incorrecta en Pluggabl LLC Booster Elite para WooCommerce permite acceder a funciones que no están correctamente restringidas por las ACL. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.3. The Booster Elite for WooCommerce plugi... • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-3-authenticated-production-creation-modification-vulnerability?_s_id=cve • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48333 – WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-48333
24 Nov 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Pluggabl LLC Booster para WooCommerce. Este problema afecta a Booster para WooCommerce: desde n/a hasta 7.1.1. The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the... • https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-1-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5638 – Booster for WooCommerce <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2023-5638
18 Oct 2023 — The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Booster for WooCommerce para WordPress es vulnerabl... • https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.2/includes/shortcodes/class-wcj-general-shortcodes.php#L1122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •