Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total9
Critical0
High4
Medium5
Reset
Showing 1-9 of 9 records
Threat Entry Updated 2025-12-08

CVE-2024-13342 - Woocommerce Jetpack Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.

PLUGIN Woocommerce Jetpack

CVE-2024-13342

HIGH CVSS 8.1 2025-08-29
Open Full Technical Breakdown
Threat Entry Updated 2025-04-09

CVE-2024-13708 - Woocommerce Jetpack Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

PLUGIN Woocommerce Jetpack

CVE-2024-13708

HIGH CVSS 7.2 2025-04-04
Open Full Technical Breakdown
Threat Entry Updated 2025-04-10

CVE-2024-12278 - Woocommerce Jetpack Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Woocommerce Jetpack

CVE-2024-12278

HIGH CVSS 7.2 2025-04-01
Open Full Technical Breakdown
Threat Entry Updated 2025-02-05

CVE-2024-9170 - Woocommerce Jetpack Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ShopManager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Woocommerce Jetpack

CVE-2024-9170

MEDIUM CVSS 5.5 2024-11-26
Open Full Technical Breakdown
Threat Entry Updated 2025-02-05

CVE-2024-9239 - Woocommerce Jetpack Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Woocommerce Jetpack

CVE-2024-9239

MEDIUM CVSS 6.1 2024-11-20
Open Full Technical Breakdown
Threat Entry Updated 2025-03-11

CVE-2024-1986 - Woocommerce Jetpack Plugin

The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable when the user product upload functionality is enabled.

PLUGIN Woocommerce Jetpack

CVE-2024-1986

HIGH CVSS 8.8 2024-03-07
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-4796 - Woocommerce Jetpack Plugin

The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.

PLUGIN Woocommerce Jetpack

CVE-2023-4796

MEDIUM CVSS 4.3 2023-10-20
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-5638 - Woocommerce Jetpack Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Woocommerce Jetpack

CVE-2023-5638

MEDIUM CVSS 6.4 2023-10-19
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-4945 - Woocommerce Jetpack Plugin

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Woocommerce Jetpack

CVE-2023-4945

MEDIUM CVSS 6.4 2023-09-14
Open Full Technical Breakdown
Scroll to top