The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/9b77044c-fd3f-4e6f-a759-dcc3082dcbd6 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-12-12T17:57:10.870Z
Updated:
Reserved: 2022-11-16T09:11:59.460Z
Link: CVE-2022-4016
JSON object: View
NVD Information
Status : Modified
Published: 2022-12-12T18:15:13.167
Modified: 2023-11-07T03:56:41.867
Link: CVE-2022-4016
JSON object: View
Redhat Information
No data.
CWE
No CWE.