CVE-2024-1756

Exploit

EPSS 0.08%
Veröffentlicht 24.04.2024 05:15:47
Zuletzt bearbeitet 07.05.2025 18:00:10
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WooCommerce Customers Manager <= 29.7 - Missing Authorization to Information Exposure

The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

Mögliche Gegenmaßnahme

WooCommerce Customers Manager: Update to version 29.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WooCommerce Customers Manager

Version * - 29.7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vanquish ≫ Woocommerce Customers Manager SwPlatformwordpress Version < 29.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.25

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://wpscan.com/vulnerability/0baedd8d-2bbe-4091-bec4-f99e25d7290d/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/e904a619-4388-4c83-af7b-9642cb0b97c0

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-1756

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1756

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1756

EUVD