- Description
- The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
- Source
- security@wordfence.com
- NVD status
- Analyzed
- Products
- booster_for_woocommerce
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-434
- Hype score
- Not currently trending
CVE-2024-13342 CVE-2024-13342: Major Security Flaw in WooCommerce Plugin... https://t.co/1W4o5jwY0X
@ThreatS95726
15 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-13342 Unauthenticated Arbitrary File Upload Vulnerability in Booster for WooCommerce Plugin https://t.co/aRxjBmL5xP
@VulmonFeeds
29 Aug 2025
87 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-13342 The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in a… https://t.co/yCgIKluA4o
@CVEnew
29 Aug 2025
489 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CA46802B-22FB-4739-B767-1563083D59F2",
"versionEndExcluding": "7.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]