CVE-2023-4796 in Booster for WooCommerce Plugin
Summary
by MITRE • 10/25/2023
The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 04/10/2026
The vulnerability identified as CVE-2023-4796 affects the Booster for WooCommerce plugin, a popular WordPress extension that enhances e-commerce functionality. This security flaw exists within versions up to and including 7.1.0, representing a significant risk to WordPress sites that utilize this plugin. The issue stems from inadequate access controls within the plugin's shortcode implementation, specifically the 'wcj_wp_option' shortcode which is designed to retrieve WordPress options but lacks proper authentication and authorization checks.
The technical flaw manifests through the improper handling of user permissions within the shortcode functionality. When authenticated users with subscriber-level privileges or higher access the 'wcj_wp_option' shortcode, they can exploit the vulnerability to extract arbitrary WordPress site options that should normally be restricted to administrators. This represents a classic privilege escalation vulnerability where a lower-privileged user can access data that should require higher administrative permissions. The vulnerability falls under CWE-284 which categorizes improper access control issues, specifically dealing with insufficient access control mechanisms that allow unauthorized information disclosure.
The operational impact of this vulnerability is substantial as it enables attackers to gather sensitive information about the WordPress installation and potentially the broader infrastructure. Attackers can extract configuration settings, database credentials, API keys, and other potentially sensitive data that could be used for further attacks or system compromise. The vulnerability affects any WordPress site running the affected plugin version, making it particularly dangerous in environments where multiple users have subscriber accounts or where user registration is open. This information disclosure could lead to additional security breaches, including but not limited to credential theft, system enumeration, and targeted attacks against the WordPress installation.
Mitigation strategies should prioritize immediate plugin updates to versions that address the access control flaw, as developers have likely released patches to resolve the issue. Organizations should also implement network-level restrictions and monitor for suspicious shortcode usage patterns within their WordPress installations. Security administrators should review user roles and permissions to ensure that subscribers and other low-privileged users cannot access functionality that could be exploited. The ATT&CK framework categorizes this type of vulnerability under T1213 - Data from Information Repositories, where attackers gather information about the target environment through accessible data sources. Additionally, implementing proper input validation and output encoding for shortcode parameters would prevent similar issues in the future, as recommended by OWASP guidelines for preventing information disclosure vulnerabilities. Regular security audits of WordPress plugins and maintaining updated security practices are essential for preventing such access control bypass scenarios.