exploitDog

CVE-2023-6824

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.

Ссылки

https://wpscan.com/vulnerability/a224b984-770a-4534-b689-0701b582b388/
Third Party Advisory
https://wpscan.com/vulnerability/a224b984-770a-4534-b689-0701b582b388/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:marvinlabs:wp_customer_area:*:*:*:*:*:wordpress:*:*

Версия до 8.2.1 (исключая)

EPSS

Процентиль: 66%

0.00515

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-639

Связанные уязвимости

GHSA-hw85-hp8p-j3g9

CVSS3: 6.5

github

около 2 лет назад

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.

EPSS

Процентиль: 66%

0.00515

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-639