Vulnerability Description
The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Booster | Booster For Woocommerce | < 7.1.9 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/clProduct
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&newPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1653de8f-62eb-488b-9e9Third Party Advisory
- https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/clProduct
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&newPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1653de8f-62eb-488b-9e9Third Party Advisory
FAQ
What is CVE-2024-3957?
CVE-2024-3957 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary sh...
How severe is CVE-2024-3957?
CVE-2024-3957 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-3957?
Check the references section above for vendor advisories and patch information. Affected products include: Booster Booster For Woocommerce.