Products
WooCommerce Customers Manager WordPress plugin
- before 29.8
Source
contact@wpscan.com
Tags
CVE-2024-1756 details
Published : April 24, 2024, 5:15 a.m.
Last Modified : April 24, 2024, 1:39 p.m.
Last Modified : April 24, 2024, 1:39 p.m.
Description
The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://wpscan.com/vulnerability/0baedd8d-2bbe-4091-bec4-f99e25d7290d/ | contact@wpscan.com |
This website uses the NVD API, but is not approved or certified by it.