CVE-2024-13342
WordPress · WordPress Booster for WooCommerce Plugin
Executive summary
A high-severity vulnerability has been identified in the Booster for WooCommerce WordPress plugin, which could allow an unauthenticated attacker to upload arbitrary files to the server. Successful exploitation could lead to complete system compromise, allowing an attacker to execute malicious code, steal sensitive data, or deface the website. Organizations using the affected plugin are at significant risk and should take immediate action to mitigate this threat.
Vulnerability
The vulnerability exists within the add_files_to_order function of the Booster for WooCommerce plugin. The function fails to properly validate the types of files being uploaded, creating an arbitrary file upload vulnerability. An attacker can exploit this by crafting a request to upload a malicious file with a dangerous extension (e.g., .php) disguised as a legitimate file, which is then saved to the web server. This allows the attacker to achieve remote code execution by subsequently accessing the uploaded file via a web browser.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.1. A successful exploit could have a severe impact on the business, leading to a full compromise of the web server. Potential consequences include theft of sensitive customer data (including personal information and payment details), website defacement, reputational damage, and loss of customer trust. The compromised server could also be used to host malware or launch further attacks against other systems within the organization's network.
Remediation
Immediate Action: The primary remediation is to update the Booster for WooCommerce plugin to the latest available version, which contains a patch for this vulnerability. If the plugin is no longer required for business operations, it should be deactivated and completely removed from the WordPress installation to eliminate the attack surface.
Proactive Monitoring: Monitor web server logs for suspicious POST requests to endpoints associated with the plugin's file upload functionality. Check file system upload directories for any unexpected or non-image files, particularly those with executable extensions like .php, .phtml, or .sh. Monitor for unusual outbound network traffic from the web server, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to block the upload of executable file types. Additionally, configure the web server to disallow script execution in directories where files are uploaded. File integrity monitoring (FIM) can also be used to detect the creation of unauthorized files on the server.
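A defender-side check for the "upload directories" step above, added here as an example and not part of this advisory or of the plugin's own code: it walks a WordPress uploads tree and flags files with server-executable extensions (including double extensions such as name.php.png), files whose contents carry a PHP open tag despite an image name, and anything outside an assumed allow-list of image and PDF types. The directory layout, the sample files and the allow-list are constructed assumptions, not data from the advisory.

```python
import os
import tempfile

# Server-executable extensions; the advisory names .php, .phtml and .sh explicitly.
EXEC_EXTS = {".php", ".php3", ".php5", ".php7", ".phtml", ".phar", ".sh"}
# What a shop's uploads tree normally holds (assumption: images and PDFs only).
ALLOWED_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".pdf"}


def classify(path):
    """Return a reason string if the file looks suspicious, else None."""
    parts = os.path.basename(path).lower().split(".")
    # Test every extension so 'invoice.php.png' is caught, not only the last one.
    if any("." + p in EXEC_EXTS for p in parts[1:]):
        return "executable extension"
    with open(path, "rb") as fh:
        head = fh.read(1024)
    # A disguised upload: legitimate-looking name, script contents.
    if b"<?php" in head or b"<?=" in head:
        return "PHP open tag in file contents"
    if len(parts) == 1 or "." + parts[-1] not in ALLOWED_EXTS:
        return "unexpected extension"
    return None


def scan_uploads(root):
    """Walk the uploads directory and return sorted (relative path, reason) pairs."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if reason := classify(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, reason))
    return sorted(findings)


def demo():
    """Build a constructed uploads tree (sample data, not real evidence) and scan it."""
    root = tempfile.mkdtemp(prefix="wp-uploads-")
    samples = {
        "2024/01/photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",     # genuine JPEG header
        "2024/01/order-note.php": b"<?php /* constructed */ ?>",  # plain script upload
        "2024/01/receipt.jpg": b"<?php /* constructed */ ?>",     # script disguised as image
        "2024/02/invoice.php.png": b"\x89PNG\r\n\x1a\n",          # double extension
    }
    for rel, body in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)
    return scan_uploads(root)
```

Point scan_uploads() at the real wp-content/uploads path and treat every finding as something to review by hand; a hit is a lead for file integrity and log review, not proof of compromise on its own.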
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score of 8.1 and the potential for complete server compromise, it is strongly recommended that organizations identify all instances of the vulnerable "Booster for WooCommerce" plugin and apply the necessary updates immediately. Although this CVE is not currently listed on the CISA KEV list, its severity warrants urgent attention. Prioritize patching on all internet-facing production systems to prevent potential exploitation.