{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4017", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2022-11-16T09:12:46.904Z", "datePublished": "2023-01-23T14:31:54.638Z", "dateUpdated": "2024-08-03T01:27:54.119Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-01-23T14:31:54.638Z"}, "title": "Booster for WooCommerce - Multiple CSRF", "problemTypes": [{"descriptions": [{"description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Booster for WooCommerce", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "6.0.1"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}, {"vendor": "Unknown", "product": "Booster Plus for WooCommerce", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "6.0.1"}], "defaultStatus": "unaffected"}, {"vendor": "Unknown", "product": "Booster Elite for WooCommerce", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "6.0.1"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks"}], "references": [{"url": "https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "WPScan", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.119Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:booster:booster_elite_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "368AE7E9-A900-4C64-803D-93EA6BEFB146", "versionEndExcluding": "6.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6AC6A546-FE9A-46FF-BE92-C89433C09BF2", "versionEndExcluding": "6.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:booster:booster_plus_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "661B4161-82B8-4640-BC39-372E43C0D948", "versionEndExcluding": "6.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks"}, {"lang": "es", "value": "Las versiones del complemento Booster para WooCommerce de WordPress anteriores a la versi\u00f3n 6.0.1, as\u00ed como las versiones anteriores a la 6.0.1 del complemento Booster Plus para WooCommerce y tambi\u00e9n las anteriores a la 6.0.1 del complemento Booster Elite para WooCommerce tienen comprobaciones CSRF defectuosas o faltan por completo en numerosos lugares, lo que permite a los atacantes enga\u00f1ar a los usuarios registrados para que lleven a cabo acciones no deseadas a trav\u00e9s de ataques CSRF."}], "id": "CVE-2022-4017", "lastModified": "2024-11-21T07:34:27.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-23T15:15:14.060", "references": [{"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}

{}