History: Jan 16, 2024 - 3:57 p.m.

CVE-2023-6824 WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak

2024-01-16 15:57:00
WPScan
www.cve.org
cve-2023
wordpress plugin
user validation
ajax actions
account address leak

EPSS: 0.0005 (Low)
Percentile: 18.3%

The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve other users' account address.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Customer Area",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "8.2.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
