Browse all 17 CVE security advisories affecting Pluggabl. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pluggabl is a software platform enabling third-party plugin extensions for web applications, commonly used to enhance functionality across various industries. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. With 17 CVEs recorded, these issues have allowed attackers to execute arbitrary code, steal session cookies, and elevate privileges to administrative levels. Notable incidents include multiple RCE flaws in plugin loading mechanisms and persistent XSS vulnerabilities in user-generated content handling, highlighting ongoing security challenges in its architecture.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-13342 | Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | CWE-434 | 8.1 | High | 2025-08-29 |
| CVE-2024-12278 | Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | CWE-79 | 7.2 | High | 2025-04-01 |
| CVE-2024-9170 | Booster for WooCommerce <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | CWE-79 | 5.5 | Medium | 2024-11-26 |
| CVE-2024-9239 | Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | CWE-79 | 6.1 | Medium | 2024-11-20 |
| CVE-2024-3957 | Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | CWE-94 | 6.5 | Medium | 2024-05-02 |
| CVE-2024-1534 | Booster for WooCommerce <= 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | CWE-20 | 6.4 | Medium | 2024-03-07 |
| CVE-2024-1054 | Booster for WooCommerce <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | CWE-79 | 6.4 | Medium | 2024-02-20 |
| CVE-2023-4796 | Booster for WooCommerce <= 7.1.0 - Authenticated (Subscriber+) Information Disclosure via Shortcode | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | CWE-200 | 4.3 | Medium | 2023-10-20 |
| CVE-2023-5638 | Booster for WooCommerce <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | CWE-79 | 6.4 | Medium | 2023-10-19 |
| CVE-2023-4945 | Booster for WooCommerce <= 7.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | CWE-79 | 6.4 | Medium | 2023-09-14 |

This page lists every published CVE security advisory associated with Pluggabl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.