Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total16
Critical1
High5
Medium10
Reset
Showing 1-16 of 16 records
Threat Entry Updated 2025-12-08

CVE-2024-13342 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.

PLUGIN Booster For Woocommerce

CVE-2024-13342

HIGH CVSS 8.1 2025-08-29
Open Full Technical Breakdown
Threat Entry Updated 2025-04-09

CVE-2024-13708 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

PLUGIN Booster For Woocommerce

CVE-2024-13708

HIGH CVSS 7.2 2025-04-04
Open Full Technical Breakdown
Threat Entry Updated 2025-04-09

CVE-2024-13744 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Booster For Woocommerce

CVE-2024-13744

HIGH CVSS 8.1 2025-04-04
Open Full Technical Breakdown
Threat Entry Updated 2025-04-10

CVE-2024-12278 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Booster For Woocommerce

CVE-2024-12278

HIGH CVSS 7.2 2025-04-01
Open Full Technical Breakdown
Threat Entry Updated 2025-02-05

CVE-2024-9170 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ShopManager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Booster For Woocommerce

CVE-2024-9170

MEDIUM CVSS 5.5 2024-11-26
Open Full Technical Breakdown
Threat Entry Updated 2025-02-05

CVE-2024-9239 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Booster For Woocommerce

CVE-2024-9239

MEDIUM CVSS 6.1 2024-11-20
Open Full Technical Breakdown
Threat Entry Updated 2025-03-11

CVE-2024-1986 - Booster For Woocommerce Plugin

The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable when the user product upload functionality is enabled.

PLUGIN Booster For Woocommerce

CVE-2024-1986

HIGH CVSS 8.8 2024-03-07
Open Full Technical Breakdown
Threat Entry Updated 2025-01-21

CVE-2024-1534 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Booster For Woocommerce

CVE-2024-1534

MEDIUM CVSS 6.4 2024-03-07
Open Full Technical Breakdown
Threat Entry Updated 2025-02-05

CVE-2024-1054 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Booster For Woocommerce

CVE-2024-1054

MEDIUM CVSS 6.4 2024-02-29
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-4796 - Booster For Woocommerce Plugin

The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.

PLUGIN Booster For Woocommerce

CVE-2023-4796

MEDIUM CVSS 4.3 2023-10-20
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-5638 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Booster For Woocommerce

CVE-2023-5638

MEDIUM CVSS 6.4 2023-10-19
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-4945 - Booster For Woocommerce Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Booster For Woocommerce

CVE-2023-4945

MEDIUM CVSS 6.4 2023-09-14
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-25001 - Booster For Woocommerce Plugin

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue

PLUGIN Booster For Woocommerce

CVE-2021-25001

MEDIUM CVSS 6.1 2022-01-03
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-25000 - Booster For Woocommerce Plugin

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue

PLUGIN Booster For Woocommerce

CVE-2021-25000

MEDIUM CVSS 6.1 2022-01-03
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24999 - Booster For Woocommerce Plugin

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting

PLUGIN Booster For Woocommerce

CVE-2021-24999

MEDIUM CVSS 6.1 2022-01-03
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-34646 - Booster For Woocommerce Plugin

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be…

PLUGIN Booster For Woocommerce

CVE-2021-34646

CRITICAL CVSS 9.8 2021-08-30
Open Full Technical Breakdown
Scroll to top