CVE-2024-3957

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-863
View all →

Vulnerability Description

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide.

Related Vulnerabilities

CVE-2019-6855

HIGH
CVSS:7.3(High)

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580...

CWE-8632019

CVE-2020-4877

HIGH
CVSS:7.3(High)

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.

CWE-8632020

CVE-2021-0319

HIGH
CVSS:7.3(High)

In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This...

CWE-8632021

CVE-2023-5521

HIGH
CVSS:7.3(High)

Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.

CWE-8632023

CVE-2024-13291

HIGH
CVSS:7.3(High)

Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4.

CWE-8632024