nvd-json-data-feeds/CVE-2022/CVE-2022-37xx/CVE-2022-3763.json

{
  "id": "CVE-2022-3763",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2022-11-21T11:15:21.107",
  "lastModified": "2024-11-21T07:20:11.920",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack"
    },
    {
      "lang": "es",
      "value": "El complemento de WordPress Booster para WooCommerce anterior a 5.6.7, el complemento de WordPress Booster Plus para WooCommerce anterior a 5.6.5, el complemento de WordPress Booster Elite para WooCommerce anterior a 1.1.7 no tienen verificaci\u00f3n CSRF al eliminar archivos cargados en la caja, lo que permite a los atacantes hacer que un administrador o administrador de la tienda que haya iniciado sesi\u00f3n los elimine mediante un ataque CSRF"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2
      }
    ]
  },
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:elite:wordpress:*:*",
              "versionEndExcluding": "1.1.7",
              "matchCriteriaId": "C11EE041-6F7D-41A2-9CDF-0E23734B21D4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:plus:wordpress:*:*",
              "versionEndExcluding": "5.6.5",
              "matchCriteriaId": "3DDF2125-27BC-4444-8021-B2FCE2907F93"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*",
              "versionEndExcluding": "5.6.7",
              "matchCriteriaId": "E968BF40-54EE-45C0-989E-7CDA3934E9B8"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/7ab15530-8321-487d-97a5-1469b51fcc3f",
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://wpscan.com/vulnerability/7ab15530-8321-487d-97a5-1469b51fcc3f",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2022-3763",`
			`"sourceIdentifier": "contact@wpscan.com",`
			`"published": "2022-11-21T11:15:21.107",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"lastModified": "2024-11-21T07:20:11.920",`
Auto-Update: 2023-11-07T21:02:52.274489+00:00 2023-11-07 21:03:21 +00:00			`"vulnStatus": "Modified",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
bootstrap 2023-04-24 12:24:31 +02:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack"`
Auto-Update: 2023-11-07T21:02:52.274489+00:00 2023-11-07 21:03:21 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "El complemento de WordPress Booster para WooCommerce anterior a 5.6.7, el complemento de WordPress Booster Plus para WooCommerce anterior a 5.6.5, el complemento de WordPress Booster Elite para WooCommerce anterior a 1.1.7 no tienen verificaci\u00f3n CSRF al eliminar archivos cargados en la caja, lo que permite a los atacantes hacer que un administrador o administrador de la tienda que haya iniciado sesi\u00f3n los elimine mediante un ataque CSRF"`
bootstrap 2023-04-24 12:24:31 +02:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 8.1,`
			`"baseSeverity": "HIGH",`
bootstrap 2023-04-24 12:24:31 +02:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "HIGH",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "HIGH"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 5.2`
			`}`
			`]`
			`},`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:::::elite:wordpress::",`
			`"versionEndExcluding": "1.1.7",`
			`"matchCriteriaId": "C11EE041-6F7D-41A2-9CDF-0E23734B21D4"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:::::plus:wordpress::",`
			`"versionEndExcluding": "5.6.5",`
			`"matchCriteriaId": "3DDF2125-27BC-4444-8021-B2FCE2907F93"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:booster:booster_for_woocommerce::::::wordpress::*",`
			`"versionEndExcluding": "5.6.7",`
			`"matchCriteriaId": "E968BF40-54EE-45C0-989E-7CDA3934E9B8"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://wpscan.com/vulnerability/7ab15530-8321-487d-97a5-1469b51fcc3f",`
			`"source": "contact@wpscan.com",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`},`
			`{`
			`"url": "https://wpscan.com/vulnerability/7ab15530-8321-487d-97a5-1469b51fcc3f",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory"`
			`]`
bootstrap 2023-04-24 12:24:31 +02:00			`}`
			`]`
			`}`