Vulnerabilities > Booster > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-26 | CVE-2024-9170 | Cross-site Scripting vulnerability in Booster for Woocommerce The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
| 2024-11-20 | CVE-2024-9239 | Cross-site Scripting vulnerability in Booster for Woocommerce The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. | 6.1 |
| 2024-06-09 | CVE-2023-52230 | Unspecified vulnerability in Booster for Woocommerce Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. | 6.5 |
| 2024-06-09 | CVE-2023-52232 | Unspecified vulnerability in Booster for Woocommerce 5.6.5/5.6.6 Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. | 6.5 |
| 2024-03-27 | CVE-2024-29760 | Unspecified vulnerability in Booster for Woocommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through 7.1.7. | 6.1 |
| 2024-03-07 | CVE-2024-1534 | Cross-site Scripting vulnerability in Booster for Woocommerce The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-29 | CVE-2024-1054 | Cross-site Scripting vulnerability in Booster for Woocommerce The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. | 5.4 |
| 2023-11-30 | CVE-2023-48333 | Unspecified vulnerability in Booster for Woocommerce Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1. | 6.5 |
| 2023-11-23 | CVE-2023-40002 | Unspecified vulnerability in Booster for Woocommerce Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions. | 6.5 |
| 2023-10-20 | CVE-2023-4796 | Information Exposure vulnerability in Booster for Woocommerce The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. | 4.3 |