Lucene search
WPScanCVE-2024-1756HistoryApr 24, 2024 - 5:15 a.m.
CVE-2024-1756
2024-04-2405:15:47
WPScan
web.nvd.nist.gov
31
woocommerce
customers manager
wordpress
plugin
vulnerability
authorization
csrf
ajax action
authenticated users
subscriber
customer email addresses
id
first name
last name
The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name
Affected configurations
Node
woocommercewoocommerce_customers_managerRange<29.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| woocommerce | woocommerce_customers_manager | * | cpe:2.3:a:woocommerce:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WooCommerce Customers Manager",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "29.8"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-1756
2024-04-24 05:15:47
wpexploit
wpexploit
WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure
2024-04-02 00:00:00
wpvulndb
wpvulndb
WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure
2024-04-02 00:00:00
cvelist
cvelist
vulnrichment
vulnrichment
wordfence
wordfence