CVE-2022-3763: CWE-352 Cross-Site Request Forgery (CSRF) in Unknown Booster for WooCommerce
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack
AI Analysis
Technical Summary
CVE-2022-3763 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability in the Booster for WooCommerce family of WordPress plugins: Booster for WooCommerce before 5.6.7, Booster Plus for WooCommerce before 5.6.5 and Booster Elite for WooCommerce before 1.1.7. The affected versions expose a function that deletes files customers uploaded during checkout, but the request that triggers the deletion is not tied to a WordPress nonce or any other anti-CSRF token. The server therefore cannot tell a deletion the shop manager actually initiated from one that a third-party page forged inside that manager's browser.

Exploitation follows the standard CSRF pattern: the attacker hosts a page (or sends a link) that makes the victim's browser issue the deletion request to the shop, and the browser attaches the victim's WordPress session cookies. The CVSS 3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) reflects this. The attacker needs no account on the shop (PR:N), but the request only succeeds if the victim is logged in as a shop manager or administrator and is induced to visit the attacker's page (UI:R). The outcome is loss of integrity and availability of the uploaded files; confidentiality is unaffected because the attacker reads nothing. No exploits in the wild had been reported as of publication.

Two practical caveats. First, the advisory does not state whether the deletion is triggered by a GET or a POST request. This matters because browsers that default cookies to SameSite=Lax (Chromium since 2020) withhold cookies on cross-site POSTs but still send them on top-level GET navigations, and WordPress core does not set a SameSite attribute on its authentication cookies, so a GET-triggered deletion remains exploitable in those browsers while a POST-triggered one is partly mitigated by the browser. Second, the attacker must also know or guess which file to target; the advisory does not describe how uploaded files are named, so how hard that is depends on the deployment.

The flaw is classified under CWE-352. Because WooCommerce is the dominant e-commerce stack on WordPress and Booster is a widely installed extension for it, shops running the affected versions should treat this as a practical threat to checkout attachments and to the order processing that depends on them.
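To make the mechanism concrete, the following is an added illustration and not Booster's own code: the advisory does not give the plugin's real endpoint or parameter names, so every `example_` identifier, the `example_delete_file` query parameter, the `example_nonce` token name and the upload directory are assumptions. It shows the vulnerable handler pattern the advisory describes beside the WordPress-idiomatic fix (a nonce bound to the action and the user's session, plus a capability check).

```php
<?php
/*
 * Constructed example, not code from Booster for WooCommerce. Shows the
 * request-handling pattern CVE-2022-3763 describes (a file-deletion action
 * that trusts any request naming a file) and the WordPress-idiomatic fix.
 * Every identifier prefixed "example_" is hypothetical.
 */

// Directory the hypothetical checkout-upload feature stores files in.
function example_checkout_upload_dir() {
    return trailingslashit( wp_upload_dir()['basedir'] ) . 'example-checkout-uploads/';
}

// Resolve the file parameter to a path inside the upload directory. basename()
// and sanitize_file_name() stop ../ traversal, a separate concern from CSRF
// that still belongs in any deletion handler.
function example_requested_file() {
    if ( empty( $_GET['example_delete_file'] ) ) {
        return null;
    }
    $name = sanitize_file_name( basename( wp_unslash( $_GET['example_delete_file'] ) ) );
    return '' === $name ? null : example_checkout_upload_dir() . $name;
}

// BEFORE: the vulnerable pattern. Any request carrying ?example_delete_file=X
// from a logged-in manager's browser deletes X, so a third-party page that
// navigates the victim (a link or redirect) to
// https://shop.example/wp-admin/?example_delete_file=X is enough.
function example_delete_checkout_file_vulnerable() {
    $path = example_requested_file();
    if ( null !== $path && is_file( $path ) ) {
        unlink( $path );  // no nonce, no capability check
    }
}

// AFTER: the request must prove it originated from this site's own admin UI.
function example_delete_checkout_file_fixed() {
    $path = example_requested_file();
    if ( null === $path ) {
        return;
    }
    // check_admin_referer() verifies the 'example_nonce' query argument
    // against the action string and the current user's session, and stops
    // with a 403 "link has expired" page when it is absent, forged or stale.
    // A cross-site page cannot obtain the nonce: it is derived from the
    // victim's session token, which the attacker never sees.
    check_admin_referer( 'example_delete_checkout_file_' . basename( $path ), 'example_nonce' );

    // A nonce proves intent, not authority: still require the WooCommerce
    // capability that shop managers and administrators hold.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( esc_html__( 'You are not allowed to delete checkout files.', 'example' ), 403 );
    }
    if ( is_file( $path ) ) {
        unlink( $path );
    }
}

// The admin UI builds the link with the matching nonce, so only links rendered
// by this site for this user carry a valid token. $file is the stored
// (already sanitized) file name.
function example_delete_link( $file ) {
    $url = add_query_arg(
        'example_delete_file',
        rawurlencode( $file ),
        admin_url( 'admin.php?page=example-checkout-files' )
    );
    return wp_nonce_url( $url, 'example_delete_checkout_file_' . $file, 'example_nonce' );
}

add_action( 'admin_init', 'example_delete_checkout_file_fixed' );
```

The nonce alone is the CSRF fix; the `current_user_can()` check is there because a nonce only shows the request came from a page this site rendered for this user, not that the user is allowed to delete anything. Binding the file name into the nonce action string means a token captured for one file cannot be replayed against another.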
Potential Impact
For European organizations running WooCommerce shops with an affected Booster version, the direct consequence is that an outsider can make a shop manager's or administrator's browser delete files customers uploaded at checkout, such as customer documents or order attachments. Losing those files can stall or corrupt order fulfilment and, where the uploads contain personal data, their destruction is a loss of availability of personal data that has to be assessed under the GDPR's breach rules. The platform's integrity and availability are at risk; confidentiality is not directly affected. No insider is required: the attack needs only that a privileged user, while logged in, opens an attacker-controlled page or link, so phishing and malicious advertising are the realistic delivery channels. Given how widely WooCommerce is used by small and medium-sized European merchants, who often run many plugins and patch irregularly, the exposure is meaningful until the fixed versions are installed.
Mitigation Recommendations
Verify which Booster plugin and version is installed (the Plugins screen, or `wp plugin list` on the command line) and update to Booster for WooCommerce 5.6.7, Booster Plus 5.6.5 or Booster Elite 1.1.7 or later. That is the only complete fix.

If the update has to wait, choose compensating controls that actually address CSRF. Multi-factor authentication and restricting wp-admin to a VPN do not help here: the forged request is issued by the victim's own, already authenticated browser, from inside whatever network the victim sits in. Controls that do help:
- Enforce a same-site Origin/Referer check on the file-deletion endpoint at the reverse proxy or WAF. A legitimate request from the admin UI carries the shop's own host in Origin or Referer; a cross-site forgery carries the attacker's host or, if the attacker suppresses it, no header at all. Treat a missing header on this endpoint as a rejection, not a pass.
- Keep the number of accounts with shop manager or administrator rights small, and have those users work in a dedicated browser profile and log out of wp-admin when done, so there is no live session for an attacker's page to ride.
- Brief shop managers that a link opened while logged in can act on their behalf; this is weak on its own but costs nothing.
- Keep regular, tested backups of the uploads directory and order data so deleted attachments can be restored.
- Monitor for deletions: file-system auditing on the uploads directory (auditd or inotify) and web-server logs showing requests to the deletion endpoint with an off-site or absent Referer give early warning, and a burst of deletions attributed to one admin session is a strong indicator.
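As an added example of the Origin/Referer control described above (this is not Booster's or WordPress core's code): a must-use plugin that rejects cross-site requests to the deletion action while the patch is pending. The parameter name `example_delete_file`, the `example_` function names and the log line format are assumptions; the real trigger parameter has to be taken from the installed plugin.

```php
<?php
/**
 * Plugin Name: Example cross-site request guard for a file-deletion action
 *
 * Constructed example, not Booster's or WordPress core's code. Placed in
 * wp-content/mu-plugins/, it rejects requests to a named state-changing
 * action whose Origin/Referer host is not this site's host. The entries in
 * EXAMPLE_GUARDED_PARAMS are placeholders: replace them with the request
 * parameter that actually triggers the plugin's deletion in your install.
 */

const EXAMPLE_GUARDED_PARAMS = array( 'example_delete_file' );

// Host the browser names as the source of the request. Origin is sent on
// cross-site POSTs; Referer is sent on most GET navigations unless a
// Referrer-Policy (which the attacker controls on their page) suppresses it.
function example_request_source_host() {
    foreach ( array( 'HTTP_ORIGIN', 'HTTP_REFERER' ) as $key ) {
        if ( ! empty( $_SERVER[ $key ] ) && 'null' !== $_SERVER[ $key ] ) {
            $host = wp_parse_url( wp_unslash( $_SERVER[ $key ] ), PHP_URL_HOST );
            return $host ? strtolower( $host ) : null;
        }
    }
    return null;
}

// Pure decision function so the policy can be tested without WordPress.
// A missing header counts as cross-site: an attacker can strip Referer with
// <meta name="referrer" content="no-referrer">, so "no header" must not pass.
function example_is_cross_site( $source_host, $site_host ) {
    return null === $source_host || $source_host !== strtolower( $site_host );
}

function example_request_targets_guarded_action() {
    foreach ( EXAMPLE_GUARDED_PARAMS as $param ) {
        if ( isset( $_GET[ $param ] ) || isset( $_POST[ $param ] ) ) {
            return true;
        }
    }
    return false;
}

function example_guard_deletion_requests() {
    // Only an authenticated session can be ridden by CSRF; anonymous requests
    // are left to the plugin's own authorization and are out of scope here.
    if ( ! is_user_logged_in() || ! example_request_targets_guarded_action() ) {
        return;
    }
    $site_host = wp_parse_url( home_url(), PHP_URL_HOST );
    $source    = example_request_source_host();
    if ( example_is_cross_site( $source, $site_host ) ) {
        error_log( sprintf(
            'example-csrf-guard: rejected %s %s for user %d, source host %s',
            $_SERVER['REQUEST_METHOD'] ?? '?',
            $_SERVER['REQUEST_URI'] ?? '?',
            get_current_user_id(),
            $source ?? '(none)'
        ) );
        wp_die( esc_html__( 'Cross-site request rejected.', 'example' ), 403 );
    }
}

// Priority 0 on init runs before ordinary init and admin_init handlers, where
// a plugin's admin actions usually live. If the vulnerable handler fires on an
// earlier hook, this guard must be moved earlier as well.
add_action( 'init', 'example_guard_deletion_requests', 0 );
```

Run it in log-only mode first (comment out the `wp_die()` call) and review the error log for a few days: the strict treatment of a missing Referer will also reject admins whose browser or privacy extension strips the header on same-site navigations, and those users need a documented exception or a different browser profile before enforcement is switched on.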
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: WPScan
- Date Reserved: 2022-10-31T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d983bc4522896dcbede05
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 7/2/2025, 4:10:47 AM
Last updated: 8/13/2025, 9:19:29 AM