Back

CVE-2024-1756

April 24, 2024, 1:39 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

WooCommerce Customers Manager WordPress plugin

  • before 29.8

Source

contact@wpscan.com

Tags

CVE-2024-1756 details

Published : April 24, 2024, 5:15 a.m.
Last Modified : April 24, 2024, 1:39 p.m.

Description

The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://wpscan.com/vulnerability/0baedd8d-2bbe-4091-bec4-f99e25d7290d/ contact@wpscan.com
This website uses the NVD API, but is not approved or certified by it.