CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53318 – WordPress WP DB Booster plugin <= 1.0.1 - Broken Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-53318
27 Jun 2025 — Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1. The WP DB Booster plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/wp-db-booster/vulnerability/wordpress-wp-db-booster-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39446 – WordPress Booster Plus for WooCommerce plugin <= 7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-39446
17 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus for WooCommerce: from n/a through 7.2.4. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary... • https://patchstack.com/database/wordpress/plugin/booster-plus-for-woocommerce/vulnerability/wordpress-booster-plus-for-woocommerce-plugin-7-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27348 – WordPress WP Social SEO Booster plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-27348
24 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel WP Social SEO Booster – Knowledge Graph Social Signals SEO allows Stored XSS. This issue affects WP Social SEO Booster – Knowledge Graph Social Signals SEO: from n/a through 1.2.0. The WP Social SEO Booster – Knowledge Graph Social Signals SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output esc... • https://patchstack.com/database/wordpress/plugin/wp-social-seo-booster/vulnerability/wordpress-wp-social-seo-booster-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52428 – WordPress Ads Booster by Ads Pro plugin <= 1.12 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52428
15 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12. La vulnerabilidad de control inadecuado del nombre de archivo para la declaración Include/Require en el programa PHP ('Inclusión de archivo remoto PHP') en Scripteo Ads Booster de Ads Pro permite la inclusión de archivos locales PHP. Este problema afecta a Ads ... • https://patchstack.com/database/vulnerability/free-wp-booster-by-ads-pro/wordpress-ads-booster-by-ads-pro-plugin-1-12-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32438 – WordPress SEO Booster plugin <= 3.8.9 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32438
12 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in cleverplugins.Com SEO Booster.This issue affects SEO Booster: from n/a through 3.8.9. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Cleverplugins.Com SEO Booster. Este problema afecta a SEO Booster: desde n/a hasta 3.8.9. The SEO Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.9. This is due to missing or incorrect nonce validation on the deleteall and delete actions. • https://patchstack.com/database/vulnerability/seo-booster/wordpress-seo-booster-plugin-3-8-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52230 – WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-52230
05 Jan 2024 — Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. Vulnerabilidad de autorización faltante en Pluggabl LLC Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.3. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.3 (exclusi... • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-3-authenticated-arbitrary-wordpress-option-disclosure-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52232 – WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2023-52232
05 Jan 2024 — Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. Vulnerabilidad de autorización faltante en Pluggabl LLC Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.2. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive... • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-post-page-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52231 – WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52231
05 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.2. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capabi... • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52234 – WordPress Booster Elite for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52234
05 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Elite para WooCommerce. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.2. The Booster Elite for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capabilit... • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51511 – WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-51511
27 Dec 2023 — Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.3. Vulnerabilidad de autenticación incorrecta en Pluggabl LLC Booster Elite para WooCommerce permite acceder a funciones que no están correctamente restringidas por las ACL. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.3. The Booster Elite for WooCommerce plugi... • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-3-authenticated-production-creation-modification-vulnerability?_s_id=cve • CWE-285: Improper Authorization CWE-287: Improper Authentication •