CVE-2022-4017

{"id": "CVE-2022-4017", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-01-23T15:15:14.060", "references": [{"url": "https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks"}, {"lang": "es", "value": "Las versiones del complemento Booster para WooCommerce de WordPress anteriores a la versi\u00f3n 6.0.1, as\u00ed como las versiones anteriores a la 6.0.1 del complemento Booster Plus para WooCommerce y tambi\u00e9n las anteriores a la 6.0.1 del complemento Booster Elite para WooCommerce tienen comprobaciones CSRF defectuosas o faltan por completo en numerosos lugares, lo que permite a los atacantes enga\u00f1ar a los usuarios registrados para que lleven a cabo acciones no deseadas a trav\u00e9s de ataques CSRF."}], "lastModified": "2025-04-02T16:15:23.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:booster:booster_elite_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "368AE7E9-A900-4C64-803D-93EA6BEFB146", "versionEndExcluding": "6.0.1"}, {"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6AC6A546-FE9A-46FF-BE92-C89433C09BF2", "versionEndExcluding": "6.0.1"}, {"criteria": "cpe:2.3:a:booster:booster_plus_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "661B4161-82B8-4640-BC39-372E43C0D948", "versionEndExcluding": "6.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}