Plugin Vulnerability Hub
Plugin 31 known issues Latest disclosed Mar 17, 2026

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools Vulnerabilities

Review known vulnerability records for the WordPress plugin Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools (`woocommerce-jetpack`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-32586, CVE-2025-64379 and CVE-2025-64380, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 31
High or Critical: 9
Patch Coverage: 100%
Last Updated: Mar 27, 2026

Priority CVE Quick Links

Fast paths into Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 26

CVE-2021-34646 Critical 5.4.4
CVE-2021-34646 Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools Vulnerability

Booster for WooCommerce <= 5.4.3 - Authentication Bypass

CVE-2022-41805 High 5.6.7
CVE-2022-41805 Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools Cross-Site Request Forgery

Booster for WooCommerce <= 5.6.6 - Cross-Site Request Forgery

CVE-2024-13342 High 7.2.5
CVE-2024-13342 Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools Remote Code Execution

Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload

CVE-2024-13744 High 7.2.5
CVE-2024-13744 Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools Remote Code Execution

Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload

CVE-2024-13708 High 7.2.5
CVE-2024-13708 Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools File Upload

Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site Scripting

CVE-2024-12278 High 7.2.5
CVE-2024-12278 Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools Stored Cross-Site Scripting

Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting

CVE-2024-3957 Medium 7.1.9
CVE-2024-3957 Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools Vulnerability

Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution

CVE-2025-64380 Medium 7.4.0
CVE-2025-64380 Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools Stored Cross-Site Scripting

Booster for WooCommerce <= 7.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 31 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 1 critical and 8 high severity findings.
Recent CVEs: CVE-2026-32586, CVE-2025-64379 and CVE-2025-64380
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-32586
CVE-2026-32586: Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools < 7.11.3 - Missing Authorization

The Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to 7.11.3 (exclusive). This makes it possible for unauthenticat...

Published: Mar 17, 2026
Patched Release: 7.11.3
Affected Versions: Versions before 7.11.3
Next Step: Update to 7.11.3 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-64379
CVE-2025-64379: Booster for WooCommerce <= 7.4.0 - Missing Authorization

The Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.4.0. This makes it possible for authentica...

Published: Oct 30, 2025
Patched Release: 7.5.0
Affected Versions: Versions up to 7.4.0
Next Step: Update to 7.5.0 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-64380
CVE-2025-64380: Booster for WooCommerce <= 7.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

Published: Oct 18, 2025
Patched Release: 7.4.0
Affected Versions: Versions up to 7.3.2
Next Step: Update to 7.4.0 or newer if supported.

Plugin High Patched: Yes CVE-2024-13342
CVE-2024-13342: Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary...

Published: Aug 28, 2025
Patched Release: 7.2.5
Affected Versions: Versions up to 7.2.4
Next Step: Update to 7.2.5 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-64196
CVE-2025-64196: Booster for WooCommerce <= 7.2.5 - Reflected Cross-Site Scripting

The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

Published: Apr 22, 2025
Patched Release: 7.2.6
Affected Versions: Versions up to 7.2.5
Next Step: Update to 7.2.6 or newer if supported.

Plugin High Patched: Yes CVE-2024-13708
CVE-2024-13708: Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site Scripting

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s...

Published: Apr 03, 2025
Patched Release: 7.2.5
Affected Versions: 4.0.1 through 7.2.4
Next Step: Update to 7.2.5 or newer if supported.

Plugin High Patched: Yes CVE-2024-13744
CVE-2024-13744: Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arb...

Published: Apr 03, 2025
Patched Release: 7.2.5
Affected Versions: 4.0.1 through 7.2.4
Next Step: Update to 7.2.5 or newer if supported.

Plugin High Patched: Yes CVE-2024-12278
CVE-2024-12278: Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.4 due to insufficient input sanitization and output escaping. This...

Published: Mar 31, 2025
Patched Release: 7.2.5
Affected Versions: Versions up to 7.2.4
Next Step: Update to 7.2.5 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-9170
CVE-2024-9170: Booster for WooCommerce <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

Published: Nov 25, 2024
Patched Release: 7.2.4
Affected Versions: Versions up to 7.2.3
Next Step: Update to 7.2.4 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-9239
CVE-2024-9239: Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting

The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated atta...

Published: Nov 19, 2024
Patched Release: 7.2.4
Affected Versions: Versions up to 7.2.3
Next Step: Update to 7.2.4 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-3957
CVE-2024-3957: Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are inst...

Published: May 01, 2024
Patched Release: 7.1.9
Affected Versions: Versions up to 7.1.8
Next Step: Update to 7.1.9 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-29760
CVE-2024-29760: Booster for WooCommerce <= 7.1.7 - Reflected Cross-Site Scripting

The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

Published: Mar 25, 2024
Patched Release: 7.1.8
Affected Versions: Versions up to 7.1.7
Next Step: Update to 7.1.8 or newer if supported.