
CVE-2022-3762: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Unknown Booster for WooCommerce

Severity: Medium
Tags: Vulnerability, CVE-2022-3762, CWE-22
Published: Mon Nov 21 2022 (11/21/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Unknown
Product: Booster for WooCommerce

Description

The Booster for WooCommerce WordPress plugin before 5.6.7, the Booster Plus for WooCommerce WordPress plugin before 5.6.5, and the Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of their modules, which could allow ShopManager and Admin users to download arbitrary files from the server even when they are not supposed to be able to (for example, in multisite).

AI-Powered Analysis

Last updated: 06/25/2025, 08:30:11 UTC

Technical Analysis

CVE-2022-3762 is a path traversal vulnerability (CWE-22) affecting the Booster for WooCommerce WordPress plugin and its variants (Booster Plus and Booster Elite) prior to versions 5.6.7, 5.6.5, and 1.1.7 respectively. The vulnerability arises because the plugin does not properly validate file paths in certain modules responsible for file downloads. This flaw allows users with ShopManager or Admin privileges to download arbitrary files from the server, bypassing intended access restrictions. Notably, this can occur even in multisite WordPress installations, where stricter file access controls are expected.

The vulnerability has a CVSS 3.1 base score of 6.5, indicating medium severity. The attack vector is network-based (AV:N), requires low attack complexity (AC:L) and privileges at the level of ShopManager or Admin (PR:L), but no user interaction (UI:N). The impact is primarily on confidentiality (C:H), with no direct impact on integrity or availability. Exploitation would allow an attacker with elevated privileges to read sensitive files on the server, potentially exposing credentials, configuration files, or other sensitive data. There are no known exploits in the wild as of the publication date (November 21, 2022). No official patches or vendor information is provided in the data, but fixed versions are indicated by the version numbers above the affected ones.

This vulnerability is significant in environments where multiple users hold ShopManager or Admin roles, especially in multisite setups where file access boundaries are critical. Since the flaw requires authenticated access with elevated privileges, it is not exploitable by unauthenticated attackers, but insider threats or compromised accounts pose a risk. The lack of user interaction simplifies exploitation once privileges are obtained. Overall, this vulnerability highlights the importance of strict input validation for file operations in WordPress plugins handling e-commerce functionality.
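To make the missing validation concrete, the following is an added example of a hardened download handler written for this page; it is not code from the Booster plugin, the function names are hypothetical, and it assumes the site's WordPress uploads directory is the only permitted download root.

```php
<?php
// Added example (not the plugin's code). Resolves $requested under $baseDir
// and returns the canonical path only if it stays inside $baseDir.
// Returns null for traversal, symlink escapes, absolute paths, or missing files.
function resolve_download_path(string $baseDir, string $requested): ?string {
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Only relative file names are expected: reject empty input, NUL bytes
    // and absolute paths before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false
        || $requested[0] === '/' || $requested[0] === '\\') {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // realpath() collapses "../" segments and resolves symlinks, so a prefix
    // check on the canonical form is sufficient. The trailing separator stops
    // "/uploads-other" from matching a base of "/uploads".
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Hypothetical request handler. In multisite, wp_upload_dir() returns the
// current site's own uploads directory, so that directory is the containment
// boundary and an admin of one site cannot read another site's files.
function example_download_handler(): void {
    if (!current_user_can('manage_woocommerce')) {
        wp_die('Forbidden', 403);
    }
    $base = wp_upload_dir()['basedir'];
    $path = resolve_download_path($base, (string) ($_GET['file'] ?? ''));
    if ($path === null) {
        // Log rejected requests: these are the events a download monitor should alert on.
        error_log('download rejected: ' . sanitize_text_field((string) ($_GET['file'] ?? '')));
        wp_die('Invalid file', 400);
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
    exit;
}
```

The role check alone does not prevent this class of bug; the prefix check on the canonical path is what keeps a privileged user inside the intended directory.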

Potential Impact

For European organizations, especially those operating e-commerce platforms using WooCommerce with the Booster plugin, this vulnerability poses a confidentiality risk. Attackers or malicious insiders with ShopManager or Admin access could exfiltrate sensitive files such as customer data, payment information, or internal configuration files. This could lead to data breaches subject to GDPR regulations, resulting in legal and financial penalties. Multisite WordPress installations, common in large enterprises or agencies managing multiple stores, are particularly vulnerable due to the bypass of file access restrictions. The exposure of sensitive files could also facilitate further attacks, such as credential theft or lateral movement within the network. Although the vulnerability does not directly affect integrity or availability, the confidentiality breach alone can severely damage organizational reputation and trust. Given the medium CVSS score and the requirement for elevated privileges, the threat is moderate but should not be underestimated in environments with multiple administrators or where account compromise is possible. Organizations in sectors with high regulatory scrutiny (finance, healthcare, retail) should prioritize addressing this vulnerability to avoid compliance violations and data loss.

Mitigation Recommendations

1. Upgrade the Booster for WooCommerce plugin and its variants to versions 5.6.7 (Booster), 5.6.5 (Booster Plus), or 1.1.7 (Booster Elite) or later, where the vulnerability is fixed.
2. Restrict ShopManager and Admin privileges to trusted personnel only and regularly audit user roles to minimize the number of accounts with elevated access.
3. Implement strict monitoring and logging of file download activities within WordPress and server logs to detect unusual access patterns indicative of exploitation attempts.
4. In multisite environments, review and harden file system permissions and WordPress multisite configurations to limit cross-site file access.
5. Employ Web Application Firewalls (WAFs) with custom rules to detect and block path traversal attempts, although this is a secondary control given the need for authentication.
6. Conduct regular security awareness training for administrators to recognize phishing or social engineering attempts that could lead to account compromise.
7. Consider implementing multi-factor authentication (MFA) for all users with ShopManager or Admin roles to reduce the risk of credential misuse.
8. Perform periodic vulnerability scans and penetration tests focusing on WordPress plugins and file access controls to identify residual risks.


Technical Details

Data Version: 5.1
Assigner Short Name: WPScan
Date Reserved: 2022-10-31T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983bc4522896dcbede01

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 6/25/2025, 8:30:11 AM

Last updated: 8/13/2025, 8:55:41 AM
