Lucene search
HistoryApr 24, 2024 - 5:15 a.m.
CVE-2024-1756
woocommerce
customers manager
wordpress
plugin
vulnerability
authorization
csrf
ajax action
authenticated users
subscriber
customer email addresses
id
first name
last name
The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name
Affected configurations
Node
piwebsolutionexport_customers_list_csv_for_woocommerceRange<29.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| piwebsolution | export_customers_list_csv_for_woocommerce | * | cpe:2.3:a:piwebsolution:export_customers_list_csv_for_woocommerce:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WooCommerce Customers Manager",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "29.8"
}
],
"defaultStatus": "unaffected"
}
]Related
wpvulndb
wpvulndb
WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure
2024-04-02 00:00:00
cvelist
cvelist
wpexploit
wpexploit
WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure
2024-04-02 00:00:00
nvd
nvd
CVE-2024-1756
2024-04-24 05:15:47
wordfence
wordfence