
CVE-2021-24999 – Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in PDF Invoicing Module
https://notcve.org/view.php?id=CVE-2021-24999
01 Dec 2021 — The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting issue. • https://wpscan.com/vulnerability/8527f4fe-312f-45c1-ae4c-7e799702fc26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-25000 – Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module
https://notcve.org/view.php?id=CVE-2021-25000
01 Dec 2021 — The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delete_role parameter before outputting it back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue. • https://wpscan.com/vulnerability/bc167b3a-24ee-4988-9934-189b6216ce40 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-25001 – Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module
https://notcve.org/view.php?id=CVE-2021-25001
01 Dec 2021 — The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting it back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue. • https://wpscan.com/vulnerability/76f0257d-aae7-4054-9b3d-ba10b4005cf1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24776 – WP Performance Score Booster < 2.1 - Settings Change via CSRF
https://notcve.org/view.php?id=CVE-2021-24776
18 Oct 2021 — The WP Performance Score Booster WordPress plugin before 2.1 does not have a CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. • https://wpscan.com/vulnerability/a59ebab8-5df7-4093-b853-da9472f53508 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-34646 – Booster for WooCommerce <= 5.4.3 Authentication Bypass
https://notcve.org/view.php?id=CVE-2021-34646
24 Aug 2021 — Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, ... • https://www.exploit-db.com/exploits/50299 • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-290: Authentication Bypass by Spoofing • CWE-330: Use of Insufficiently Random Values

CVE-2018-20966 – Booster for WooCommerce <= 3.7.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20966
28 Jul 2018 — The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature. • https://github.com/parzel/CVE-2018-20966 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')