exploitDog

GHSA-hw85-hp8p-j3g9

Опубликовано: 16 янв. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.

Ссылки

EPSS

Процентиль: 66%

0.00515

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-639

Связанные уязвимости

CVE-2023-6824

CVSS3: 6.5

nvd

около 2 лет назад

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.

EPSS

Процентиль: 66%

0.00515

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-639