CVE-2022-3762

Published: Nov 21, 2022

Modified: Apr 30, 2025

PUBLISHED

Description

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)

Vendor	Product	Versions
Unknown	Booster for WooCommerce	affected `0 - < 5.6.7`
Unknown	Booster Plus for WooCommerce	affected `0 - < 5.6.5`
Unknown	Booster Elite for WooCommerce	affected `0 - < 1.1.7`

References

https://wpscan.com/vulnerability/96ef4bb8-a054-48ae-b29c-b3060acd01ac

exploit

vdb-entry

technical-description

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-3762

Description

Affected Products

References