WordPress WP Customer Area plugin < 8.2.1 - Subscriber+ Account Address Update vulnerability

Subscriber+ Account Address Update vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin WP Customer Area versions 8.2.1...

CVE-2023-6741 WP Customer Area < 8.2.1 - Subscriber+ Account Address Update

The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address...