Vulnerabilities > Booster > Booster FOR Woocommerce > 7.2.4

DATE CVE VULNERABILITY TITLE RISK
2025-04-04 CVE-2024-13708 Unrestricted Upload of File with Dangerous Type vulnerability in Booster for Woocommerce
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping.
network
low complexity
booster CWE-434
7.2
7.2
2025-04-04 CVE-2024-13744 Unrestricted Upload of File with Dangerous Type vulnerability in Booster for Woocommerce
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4.
network
low complexity
booster CWE-434
critical
 9.8
9.8
2025-04-01 CVE-2024-12278 Cross-site Scripting vulnerability in Booster for Woocommerce
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping.
network
low complexity
booster CWE-79
6.1
6.1