CVE Catalog

CVE-2026-56027

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Summary

The Booster for WooCommerce plugin version 8.0.1 and earlier allows unauthorized arbitrary file upload by customers. This vulnerability can be exploited to upload malicious software to the server.

Risk Assessment

An attacker can upload arbitrary files, including executable scripts, which may lead to server compromise, data theft, or further attack propagation within the network.

Recommendation

Immediately update the Booster for WooCommerce plugin to the latest available version that fixes this vulnerability. Restrict file upload permissions to trusted users only.

Original NVD description (English source)

Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS