CVE-2023-4796

Published: Oct 20, 2023Modified: Apr 8, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.

Affected (1)

Products: Booster: Booster For Woocommerce

1 product

Booster For Woocommerce

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Booster Booster For Woocommerce	Before 7.1.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.0/includes/shortcodes/class-wcj-general-shortcodes.php#L450

Source: security@wordfence.com

Exploit

https://plugins.trac.wordpress.org/changeset/2966325/woocommerce-jetpack#file1

Source: security@wordfence.com

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/a4cd49b2-ff93-4582-906b-b690d8472c38?source=cve

Source: security@wordfence.com

PatchThird Party Advisory

https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.0/includes/shortcodes/class-wcj-general-shortcodes.php#L450

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://plugins.trac.wordpress.org/changeset/2966325/woocommerce-jetpack#file1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/a4cd49b2-ff93-4582-906b-b690d8472c38?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.