Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

pluggabl — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting pluggabl. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pluggabl is a software platform enabling third-party plugin extensions for web applications, commonly used to enhance functionality across various industries. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. With 17 CVEs recorded, these issues have allowed attackers to execute arbitrary code, steal session cookies, and elevate privileges to administrative levels. Notable incidents include multiple RCE flaws in plugin loading mechanisms and persistent XSS vulnerabilities in user-generated content handling, highlighting ongoing security challenges in its architecture.

Top products by pluggabl: Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools Booster for WooCommerce Booster Elite for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2026-32586 WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability — Booster for WooCommerceCWE-862 5.3 Medium2026-03-17
CVE-2025-64380 WordPress Booster for WooCommerce plugin <= 7.3.2 - Cross Site Scripting (XSS) vulnerability — Booster for WooCommerceCWE-79 6.5 Medium2025-11-13
CVE-2025-64379 WordPress Booster for WooCommerce plugin <= 7.4.0 - Broken Access Control vulnerability — Booster for WooCommerceCWE-862 4.3 Medium2025-11-13
CVE-2025-64196 WordPress Booster for WooCommerce plugin <= 7.2.5 - Cross Site Scripting (XSS) vulnerability — Booster for WooCommerceCWE-79 7.1 High2025-11-06
CVE-2024-13342 Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-434 8.1 High2025-08-29
CVE-2024-13708 Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site Scripting — Booster for WooCommerceCWE-434 7.2 High2025-04-04
CVE-2024-13744 Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload — Booster for WooCommerceCWE-434 8.1 High2025-04-04
CVE-2024-12278 Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-79 7.2 High2025-04-01
CVE-2024-9170 Booster for WooCommerce <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-79 5.5 Medium2024-11-26
CVE-2024-9239 Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-79 6.1 Medium2024-11-20
CVE-2024-3957 Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-94 6.5 Medium2024-05-02
CVE-2024-1986 Elite Booster for WooCommerce <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload — Booster Elite for WooCommerceCWE-434 8.8 High2024-03-07
CVE-2024-1534 Booster for WooCommerce <= 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-20 6.4 Medium2024-03-07
CVE-2024-1054 Booster for WooCommerce <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-79 6.4 Medium2024-02-20
CVE-2023-4796 Booster for WooCommerce <= 7.1.0 - Authenticated (Subscriber+) Information Disclosure via Shortcode — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-200 4.3 Medium2023-10-20
CVE-2023-5638 Booster for WooCommerce <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-79 6.4 Medium2023-10-19
CVE-2023-4945 Booster for WooCommerce <= 7.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-79 6.4 Medium2023-09-14

This page lists every published CVE security advisory associated with pluggabl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.