The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name
CVSS
No CVSS.
References
Configurations
No configuration.
History
24 Apr 2024, 13:39
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
24 Apr 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-24 05:15
Updated : 2024-04-24 13:39
NVD link : CVE-2024-1756
Mitre link : CVE-2024-1756
CVE.ORG link : CVE-2024-1756
JSON object : View
Products Affected
No product.
CWE
No CWE.