6.5
CVE-2024-2843
- EPSS 0.13%
- Veröffentlicht 01.08.2024 06:15:02
- Zuletzt bearbeitet 29.05.2025 17:23:03
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion via 'Delete'
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks
Mögliche Gegenmaßnahme
WooCommerce Customers Manager: Update to version 30.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WooCommerce Customers Manager
Version
[*, 30.1)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vanquish ≫ Woocommerce Customers Manager SwPlatformwordpress Version < 30.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.338 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.