Vulnerabilities > Booster > Booster FOR Woocommerce > 7.1.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-26 | CVE-2024-9170 | Cross-site Scripting vulnerability in Booster for Woocommerce The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
| 2024-11-20 | CVE-2024-9239 | Cross-site Scripting vulnerability in Booster for Woocommerce The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. | 6.1 |
| 2024-05-02 | CVE-2024-3957 | Incorrect Authorization vulnerability in Booster for Woocommerce The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. | 7.3 |
| 2024-03-27 | CVE-2024-29760 | Unspecified vulnerability in Booster for Woocommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through 7.1.7. | 6.1 |