34 matches found
CVE-2025-13369
The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'moneyspentfrom', 'moneyspentto', 'registeredfrom', and 'registeredto' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output...
CVE-2024-2843
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks...
CVE-2025-13369 Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting
The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'moneyspentfrom', 'moneyspentto', 'registeredfrom', and 'registeredto' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output...
WordPress plugin Premmerce WooCommerce Customers Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2024-51543
Malicious code in bioql PyPI...
CVE-2024-0399
The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role...
WooCommerce Customers Manager 29.4 SQL Injection
WooCommerce Customers Manager version 29.4 suffers from a remote SQL injection vulnerability. Exploit Title: WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection Date: 2024-03-25 Exploit Author: Ivan Spiridonov - xbz0n Software Link:...
WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection
Exploit Title: WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection Date: 2024-03-25 Exploit Author: Ivan Spiridonov - xbz0n Software Link: https://codecanyon.net/item/woocommerce-customers-manager/10965432 Version: 29.4 Tested on: Ubuntu 22.04 CVE: CVE-2024-0399 SQL Injection Th...
CVE-2024-13343
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2024-13343
CVE-2024-13343 (WooCommerce Customers Manager, WordPress): Privilege escalation due to missing capability check in ajax_assign_new_roles() across all versions up to 31.3. Authenticated users with Subscriber-level access or higher can elevate to administrator. CVSS v3.1 base score 8.8 (HIGH) with...
CVE-2024-13343 WooCommerce Customers Manager <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
WordPress plugin WooCommerce Customers Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress WooCommerce Customers Manager plugin <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Aiden Thái An in WordPress Plugin WooCommerce Customers Manager versions <= 31.3...
WordPress WooCommerce Customers Manager plugin < 30.2 - Subscriber+ Stored XSS vulnerability
Subscriber+ Stored XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin WooCommerce Customers Manager versions < 30.2...
CVE-2024-2843
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks...
CVE-2024-1747
CVE-2024-1747 concerns the WooCommerce Customers Manager WordPress plugin. Multiple sources (NVD/Red Hat/CVE records) describe that products before version 30.2 suffer from missing authorization checks and CSRF protections in various AJAX actions, allowing authenticated users (e.g., subscribers) ...
WordPress WooCommerce Customers Manager Plugin < 30.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WooCommerce Customers Manager; Type: Plugin; Vulnerable versions: < 30.1; Fixed in: 30.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-2843; Patch priority: Low; CVSS severity: Low (5.4); PSID: 5b5817f75d9e; Credits: Bob Matyas...
WordPress plugin WooCommerce Customers Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress WooCommerce Customers Manager Plugin < 30.2 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Customers Manager; Type: Plugin; Vulnerable versions: < 30.2; Fixed in: 30.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1747; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: e74aefc31812; Credits: Erwan LR...
PT-2024-18272 · WordPress · Woocommerce Customers Manager
Name of the Vulnerable Software and Affected Versions: WooCommerce Customers Manager WordPress plugin versions prior to 30.2 Description: The issue concerns a lack of authorization and CSRF protection in various AJAX actions within the plugin, allowing any authenticated user to update, delete, or...