CVE-2023-4796
Booster for WooCommerce <= 7.1.0 - Authenticated (Subscriber+) Information Disclosure via Shortcode
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.
| CWE | CWE-200 |
| Vendor | pluggabl |
| Product | booster for woocommerce – pdf invoices, abandoned cart, variation swatches & 100+ tools |
| Published | Oct 20, 2023 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for pluggabl booster for woocommerce – pdf invoices, abandoned cart, variation swatches & 100+ tools
Be the first to know when new medium vulnerabilities affecting pluggabl booster for woocommerce – pdf invoices, abandoned cart, variation swatches & 100+ tools are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
pluggabl / Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
0 ≤ 7.1.0
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/a4cd49b2-ff93-4582-906b-b690d8472c38?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.0/includes/shortcodes/class-wcj-general-shortcodes.php#L450 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/2966325/woocommerce-jetpack#file1
Credits
István Márton