Booster Booster For Woocommerce — known CVE vulnerabilities
Every CVE whose affected-product data names Booster Booster For Woocommerce, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (37)
CVE-2021-34646 — CVSS 9.8 (critical): Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the…
CVE-2024-1986 — CVSS 8.8 (high): The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the…
CVE-2022-4017 — CVSS 8.8 (high): The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for…
CVE-2024-13744 — CVSS 8.1 (high): The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the…
CVE-2024-13342 — CVSS 8.1 (high): The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the…
CVE-2022-3763 — CVSS 8.1 (high): The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for…
CVE-2024-12278 — CVSS 7.2 (high): The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes…
CVE-2024-13708 — CVSS 7.2 (high): The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to…
CVE-2025-39446 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for…
CVE-2025-64196 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce…
CVE-2024-29760 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce…
CVE-2025-64380 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce…
CVE-2022-3762 — CVSS 6.5 (medium): The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for…
CVE-2022-4016 — CVSS 6.5 (medium): The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for…
CVE-2023-40002 — CVSS 6.5 (medium): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions.
CVE-2023-48333 — CVSS 6.5 (medium): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster…
CVE-2023-48747 — CVSS 6.5 (medium): Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by…
CVE-2023-51511 — CVSS 6.5 (medium): Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained…
CVE-2023-52230 — CVSS 6.5 (medium): Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a…
CVE-2023-52231 — CVSS 6.5 (medium): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster…
CVE-2023-52232 — CVSS 6.5 (medium): Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a…
CVE-2023-52234 — CVSS 6.5 (medium): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects…
CVE-2024-3957 — CVSS 6.5 (medium): The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8…
CVE-2023-5638 — CVSS 6.4 (medium): The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to…
CVE-2023-4945 — CVSS 6.4 (medium): The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to…
CVE-2024-1534 — CVSS 6.4 (medium): The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions…
CVE-2024-1054 — CVSS 6.4 (medium): The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode'…
CVE-2022-4227 — CVSS 6.1 (medium): The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for…
CVE-2024-9239 — CVSS 6.1 (medium): The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg &…
CVE-2021-25000 — CVSS 6.1 (medium): The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delete_role parameter before outputting back…
CVE-2021-24999 — CVSS 6.1 (medium): The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back…
CVE-2021-25001 — CVSS 6.1 (medium): The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before…
CVE-2024-9170 — CVSS 5.5 (medium): The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode…
CVE-2022-41805 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.
CVE-2025-64379 — CVSS 4.3 (medium): Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access…
CVE-2023-4796 — CVSS 4.3 (medium): The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and…