CVE-2022-3763 - OpenCVE

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Booster	Booster For Woocommerce

Configuration 1 [-]

OR	cpe:2.3:a:booster:booster_for_woocommerce:::::elite:wordpress::
	cpe:2.3:a:booster:booster_for_woocommerce:::::plus:wordpress::
	cpe:2.3:a:booster:booster_for_woocommerce::::::wordpress::*

References

Link	Resource
https://wpscan.com/vulnerability/7ab15530-8321-487d-97a5-1469b51fcc3f	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-11-21T00:00:00

Updated: 2022-11-29T13:40:38.833Z

Reserved: 2022-10-31T00:00:00

Link: CVE-2022-3763

JSON object: View

NVD Information

Status : Modified

Published: 2022-11-21T11:15:21.107

Modified: 2023-11-07T03:51:46.637

Link: CVE-2022-3763

JSON object: View

Redhat Information

No data.

CWE

No CWE.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:elite:wordpress:*:*", "matchCriteriaId": "C11EE041-6F7D-41A2-9CDF-0E23734B21D4", "versionEndExcluding": "1.1.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:plus:wordpress:*:*", "matchCriteriaId": "3DDF2125-27BC-4444-8021-B2FCE2907F93", "versionEndExcluding": "5.6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E968BF40-54EE-45C0-989E-7CDA3934E9B8", "versionEndExcluding": "5.6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack"}, {"lang": "es", "value": "El complemento de WordPress Booster para WooCommerce anterior a 5.6.7, el complemento de WordPress Booster Plus para WooCommerce anterior a 5.6.5, el complemento de WordPress Booster Elite para WooCommerce anterior a 1.1.7 no tienen verificaci\u00f3n CSRF al eliminar archivos cargados en la caja, lo que permite a los atacantes hacer que un administrador o administrador de la tienda que haya iniciado sesi\u00f3n los elimine mediante un ataque CSRF"}], "id": "CVE-2022-3763", "lastModified": "2023-11-07T03:51:46.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-21T11:15:21.107", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/7ab15530-8321-487d-97a5-1469b51fcc3f"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}