CVE-2021-25000: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2021-25000 is a Reflected Cross-Site Scripting (XSS) issue discovered in Booster for WooCommerce plugin versions below 5.4.9. The vulnerability was publicly disclosed on December 1, 2021, and affects the plugin's General module functionality in the WordPress admin dashboard (WPScan).

The vulnerability occurs when the General module is enabled in the plugin. The issue stems from improper sanitization and escaping of the 'wcjdeleterole' parameter in the admin dashboard. When this parameter is processed, its value is output directly without proper security controls, enabling a reflected XSS attack. The vulnerability has been assigned a CVSS score of 8.8 (High) and is classified under CWE-79 (WPScan).

If exploited, this vulnerability allows attackers to execute arbitrary JavaScript code in the context of the admin dashboard. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the administrator's browser session (WPScan).

The vulnerability has been patched in version 5.4.9 of the Booster for WooCommerce plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).