Lucene search
HistoryJan 16, 2024 - 4:15 p.m.
CVE-2023-6824
wp customer area
wordpress
cve-2023-6824
security vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0005 Low
EPSS
Percentile
18.3%
The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user’s account address.
Affected configurations
Node
wp-customerareawp_customer_areaRange<8.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wp\-customerarea | wp_customer_area | * | cpe:2.3:a:wp\-customerarea:wp_customer_area:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP Customer Area",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "8.2.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Code injection
2024-01-16 16:15:00
cvelist
cvelist
CVE-2023-6824 WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak
2024-01-16 15:57:00
wpvulndb
wpvulndb
WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak
2024-01-10 00:00:00
wpexploit
wpexploit
WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak
2024-01-10 00:00:00
nvd
nvd
CVE-2023-6824
2024-01-16 16:15:13
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0005 Low
EPSS
Percentile
18.3%
Related for CVE-2023-6824