CVE-2022-41805: WordPress Booster for WooCommerce plugin <= 5.6.6 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Verified

Fixed

5.4

CVSS 3.1 score Medium severity

Report

Monitoring Not reported to be exploited

Vulnerable versions

<= 5.6.6

PSID

e456ddc909a8

Classification

Cross Site Request Forgery (CSRF)

OWASP Top 10

A5: Broken Access Control

Publicly disclosed

2022-10-28

Details

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings reset discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Booster for WooCommerce plugin (versions <= 5.6.6).

Solution

Update the WordPress Booster for WooCommerce plugin to the latest available version (at least 5.6.7).

References