CVE-2024-1756
April 24, 2024, 1:39 p.m.
Tags
Product(s) Impacted
WooCommerce Customers Manager WordPress plugin
- before 29.8
Description
The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name
Weaknesses
Date
Published: April 24, 2024, 5:15 a.m.
Last Modified: April 24, 2024, 1:39 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
contact@wpscan.com
References
https://wpscan.com/
contact@wpscan.com