Woocommerce Customers Manager Security Vulnerabilities and Issues — Woocommerce Customers Manager CVE List

Lucene search

VanquishWoocommerce Customers Manager

3 matches found

CVE•added 2024/04/15 5:15 a.m.•75 views

CVE-2024-0399

The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

8.1CVSS9.6AI score0.01103EPSS

CVE•added 2024/04/24 5:15 a.m.•59 views

CVE-2024-1743

The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

5.9CVSS8.4AI score0.00043EPSS

CVE•added 2024/04/24 5:15 a.m.•55 views

CVE-2024-1756

The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

6.5CVSS9.2AI score0.00083EPSS