CVE-2023-52234 – WordPress Booster Elite for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52234
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Elite para WooCommerce. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.2. The Booster Elite for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with subscriber-level access and above, to view arbitrary order information. • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2023-52231 – WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52231
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.2. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with susbcriber-level access and above, to access arbitrary order information. • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2023-52232 – WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2023-52232
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. Vulnerabilidad de autorización faltante en Pluggabl LLC Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.2. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary pages and posts. • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-post-page-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-52230 – WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-52230
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. Vulnerabilidad de autorización faltante en Pluggabl LLC Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.3. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.3 (exclusive). This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary WordPress option values. • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-3-authenticated-arbitrary-wordpress-option-disclosure-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-51511 – WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-51511
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.3. Vulnerabilidad de autenticación incorrecta en Pluggabl LLC Booster Elite para WooCommerce permite acceder a funciones que no están correctamente restringidas por las ACL. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.3. The Booster Elite for WooCommerce plugin for WordPress is vulnerable to content injection via an unknown parameter in all versions up to and including 7.1.2 due to insufficient capability checks. This makes it possible for authenticated attackers, with subscriber access and above, to create and edit content using the plugin. • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-3-authenticated-production-creation-modification-vulnerability?_s_id=cve • CWE-285: Improper Authorization CWE-287: Improper Authentication •