CVE-2022-3763

Summary

CVE	CVE-2022-3763
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-21 11:15:00 UTC
Updated	2023-11-07 03:51:00 UTC
Description	The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Booster	Booster For Woocommerce	All	All	All	All
Application	Booster	Booster For Woocommerce	All	All	All	All
Application	Booster	Booster For Woocommerce	All	All	All	All

References

Reference	Source	Link	Tags
Booster for WooCommerce - Checkout Files Deletion via CSRF WordPress Security Vulnerability	CONFIRM	wpscan.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

150597 WordPress Booster for Woocommerce Plugin: Multiple Vulnerabilities (CVE-2022-41805,CVE-2022-3763,CVE-2022-3762)