CVE Catalog
CVE-2026-56027
CriticalCVSS 9.9Summary
The Booster for WooCommerce plugin version 8.0.1 and earlier allows unauthorized arbitrary file upload by customers. This vulnerability can be exploited to upload malicious software to the server.
Risk Assessment
An attacker can upload arbitrary files, including executable scripts, which may lead to server compromise, data theft, or further attack propagation within the network.
Recommendation
Immediately update the Booster for WooCommerce plugin to the latest available version that fixes this vulnerability. Restrict file upload permissions to trusted users only.
Original NVD description (English source)
Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.

