VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 10 known issues Latest disclosed Apr 17, 2025

Booster Plus for WooCommerce Vulnerabilities

Review known vulnerability records for the WordPress plugin Booster Plus for WooCommerce (`booster-plus-for-woocommerce`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-39446, CVE-2023-52231 and CVE-2023-52232, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
10
High or Critical
1
Patch Coverage
100%
Last Updated
Apr 21, 2025
Priority CVE Quick Links

Fast paths into Booster Plus for WooCommerce CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
9
CVE-2022-3763 High 5.6.5
CVE-2022-3763 Booster Plus for WooCommerce Cross-Site Request Forgery

Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion

CVE-2022-3762 Medium 5.6.5
CVE-2022-3762 Booster Plus for WooCommerce Vulnerability

Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download

CVE-2025-39446 Medium 7.2.5
CVE-2025-39446 Booster Plus for WooCommerce Cross-Site Scripting

Booster Plus for WooCommerce <= 7.2.4 - Reflected Cross-Site Scripting

CVE-2022-4227 Medium 6.0.0
CVE-2022-4227 Booster Plus for WooCommerce Cross-Site Scripting

Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting

CVE-2022-4017 Medium 6.0.1
CVE-2022-4017 Booster Plus for WooCommerce Cross-Site Request Forgery

Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery

CVE-2022-4016 Medium 5.6.6
CVE-2022-4016 Booster Plus for WooCommerce Cross-Site Request Forgery

Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion

CVE-2023-52231 Medium 7.1.2
CVE-2023-52231 Booster Plus for WooCommerce Vulnerability

Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure

CVE-2023-52232 Medium 7.1.2
CVE-2023-52232 Booster Plus for WooCommerce Vulnerability

Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Arbitrary Page/Post Deletion

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Booster Plus for WooCommerce so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
10 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 1 high severity finding.
Recent CVEs
CVE-2025-39446, CVE-2023-52231 and CVE-2023-52232
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Booster Plus for WooCommerce

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-39446
CVE-2025-39446: Booster Plus for WooCommerce <= 7.2.4 - Reflected Cross-Site Scripting

The Booster Plus for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s...

Published
Apr 17, 2025
Patched Release
7.2.5
Affected Versions
Versions up to 7.2.4
Next Step
Update to 7.2.5 or newer if supported.
Open CVE-2025-39446 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-52231
CVE-2023-52231: Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure

The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with susbcriber-level access an...

Published
Jan 05, 2024
Patched Release
7.1.2
Affected Versions
Versions before 7.1.2
Next Step
Update to 7.1.2 or newer if supported.
Open CVE-2023-52231 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-52232
CVE-2023-52232: Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Arbitrary Page/Post Deletion

The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with subscriber-level access and...

Published
Jan 05, 2024
Patched Release
7.1.2
Affected Versions
Versions before 7.1.2
Next Step
Update to 7.1.2 or newer if supported.
Open CVE-2023-52232 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-52230
CVE-2023-52230: Booster Plus for WooCommerce < 7.1.3 - Missing Authorization to Arbitrary Options Disclosure

The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.3 (exclusive). This makes it possible for authenticated attackers, with subscriber-level access an...

Published
Jan 05, 2024
Patched Release
7.1.3
Affected Versions
Versions before 7.1.3
Next Step
Update to 7.1.3 or newer if supported.
Open CVE-2023-52230 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-4017
CVE-2022-4017: Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery

The Booster plugins (Booster, Booster Plus, and Booster Elite) for WordPress are vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.0.0 (Booster), 6.0.0 (Plus), and 6.0.0 (Elite). This is due to missing or incorrect nonce validation on several functions....

Published
Jan 02, 2023
Patched Release
6.0.1
Affected Versions
Versions up to 6.0.0
Next Step
Update to 6.0.1 or newer if supported.
Open CVE-2022-4017 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-4227
CVE-2022-4227: Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting

The Booster plugins (Booster, Booster Plus, and Booster Elite) for WordPress are vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.6.2 (Booster), as well as versions below 6.0.0 (Plus and Elite). This is due to insufficient input sanitization and ou...

Published
Dec 05, 2022
Patched Release
6.0.0
Affected Versions
Versions before 6.0.0
Next Step
Update to 6.0.0 or newer if supported.
Open CVE-2022-4227 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-4016
CVE-2022-4016: Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion

The Booster plugins (Booster, Booster Plus, and Booster Elite) for WordPress are vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.6.6 (Booster), 5.6.5 (Plus), and 1.1.7 (Elite). This is due to missing or incorrect nonce validation on functions such as...

Published
Nov 21, 2022
Patched Release
5.6.6
Affected Versions
Versions up to 5.6.5
Next Step
Update to 5.6.6 or newer if supported.
Open CVE-2022-4016 Report Open CVE Reference
Plugin High Patched: Yes CVE-2022-3763
CVE-2022-3763: Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion

The Booster for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.6.6 (Free) and 5.6.4 (Premium). This is due to missing or incorrect nonce validation when deleting files uploaded during checkout. This makes it possib...

Published
Oct 31, 2022
Patched Release
5.6.5
Affected Versions
Versions up to 5.6.4
Next Step
Update to 5.6.5 or newer if supported.
Open CVE-2022-3763 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-3762
CVE-2022-3762: Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file downloads due to missing sanitization and filename validation of a user-supplied parameter in versions up to, and including, 5.6.6 (5.6.4 for Booster Plus). This makes it possible for authenticated a...

Published
Oct 27, 2022
Patched Release
5.6.5
Affected Versions
Versions up to 5.6.4
Next Step
Update to 5.6.5 or newer if supported.
Open CVE-2022-3762 Report Open CVE Reference
Plugin Medium Patched: Yes
Booster for WooCommerce (Free <= 5.6.2 and Premium <= 5.6.0) - Authenticated (Subscriber+) Order Modification

The Booster for WooCommerce plugin for WordPress is vulnerable to order modification due to a missing capability/authorization check in versions up to, and including, 5.6.2 (free) or 5.6.0 (premium). This makes it possible for authenticated attackers, with subscriber-level permis...

Published
Sep 19, 2022
Patched Release
5.6.1
Affected Versions
Versions up to 5.6.0
Next Step
Update to 5.6.1 or newer if supported.
Open Full Report