History: Jan 16, 2024 - 3:56 p.m.

CVE-2023-6741 WP Customer Area < 8.2.1 - Subscriber+ Account Address Update

2024-01-16 15:56:59
WPScan
www.cve.org
wordpress
plugin
security vulnerability
account address
csrf
ajax

AI Score: 4.9 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.2%)

The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users' capabilities in some of its AJAX actions, allowing malicious users to edit other users' account addresses.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Customer Area",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "8.2.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
