CVE-2024-13708

High CVSS: 7.2

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Vendor

Booster

Product

Booster For Woocommerce

CWE

CWE-434

Yayın Tarihi

2025-04-04 06:15:39

Güncelleme

2025-04-09 17:55:11

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-434 Booster For Woocommerce HIGH Booster 2025

Referanslar

https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/class-wcj-checkout-files-upload.php https://www.wordfence.com/threat-intel/vulnerabilities/id/f58b3971-e1e4-4337-82a3-99c9079c6696?source=cve

Benzer Kayıtlar

Medium

CVE-2025-64380

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster f…

Medium

CVE-2025-64379

Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectl…

High

CVE-2025-64196

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster f…

High

CVE-2024-13342

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type valida…

High

CVE-2025-39446

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Boost…

High

CVE-2024-13744

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type valida…