71 matches found
WordPress WooCommerce Customers Manager plugin < 30.1 - Bulk Action via CSRF vulnerability
Bulk Action via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WooCommerce Customers Manager versions < 30.1...
CVE-2025-13369
The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output...
CVE-2024-2843
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks...
CVE-2025-13369
CVE-2025-13369 concerns Premmerce WooCommerce Customers Manager for WordPress. The Wordfence report confirms a Reflected Cross-Site Scripting (XSS) vulnerability in the plugin, exploitable via the money_spent_from, money_spent_to, registered_from, and registered_to parameters in all versions up t...
CVE-2025-13369 Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting
The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output...
PT-2026-1579
Name of the Vulnerable Software and Affected Versions: Premmerce WooCommerce Customers Manager plugin for WordPress versions through 1.1.14. Description: The Premmerce WooCommerce Customers Manager plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to inadequate input...
WordPress plugin Premmerce WooCommerce Customers Manager Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2024-51543
Malicious code in bioql PyPI...
CVE-2024-0399
The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role...
WooCommerce Customers Manager 29.4 SQL Injection
WooCommerce Customers Manager version 29.4 suffers from a remote SQL injection vulnerability. Exploit Title: WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection Date: 2024-03-25 Exploit Author: Ivan Spiridonov - xbz0n Software Link:...
WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection
Exploit Title: WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection Date: 2024-03-25 Exploit Author: Ivan Spiridonov - xbz0n Software Link: https://codecanyon.net/item/woocommerce-customers-manager/10965432 Version: 29.4 Tested on: Ubuntu 22.04 CVE: CVE-2024-0399 SQL Injection Th...
CVE-2024-13343
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2024-13343
CVE-2024-13343 (WooCommerce Customers Manager, WordPress): Privilege escalation due to missing capability check in ajax_assign_new_roles() across all versions up to 31.3. Authenticated users with Subscriber-level access or higher can elevate to administrator. CVSS v3.1 base score 8.8 (HIGH) with...
CVE-2024-13343 WooCommerce Customers Manager <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
WordPress plugin WooCommerce Customers Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress WooCommerce Customers Manager plugin <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Aiden Thái An in WordPress Plugin WooCommerce Customers Manager versions <= 31.3...
WordPress WooCommerce Customers Manager plugin < 30.1 - Multiple CSRF vulnerability
Multiple CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WooCommerce Customers Manager versions < 30.1...
WordPress WooCommerce Customers Manager plugin < 30.2 - Subscriber+ Stored XSS vulnerability
Subscriber+ Stored XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin WooCommerce Customers Manager versions < 30.2...
CVE-2024-3983
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks...