CVE-2024-0399

2024-04-1505:15:14

WPScan

web.nvd.nist.gov

organization individual details nvd

AI Score

9.6

Confidence

High

EPSS

Percentile

9.0%

JSON

The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

Affected configurations

Vulners

Vulnrichment

Node

woocommercewoocommerce_customers_managerRange<29.7wordpress

VendorProductVersionCPE
woocommercewoocommerce_customers_manager*cpe:2.3:a:woocommerce:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
woocommerce	woocommerce_customers_manager	*	cpe:2.3:a:woocommerce:woocommerce_customers_manager::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WooCommerce Customers Manager",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "29.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]