CVE-2023-48747
WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster for WooCommerce: from n/a through 7.1.2.
The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcj_product_add_new() function in all versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create and modify products.
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2023-11-18 CVE Reserved
- 2023-11-24 CVE Published
- 2024-06-05 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
- CWE-862: Missing Authorization
CAPEC
- CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Woocommerce Jetpack | Woocommerce Jetpack | >= 0.0.0 <= 7.1.2 | en | Affected