exploitDog

CVE-2024-1756

Опубликовано: 24 апр. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

Ссылки

https://wpscan.com/vulnerability/0baedd8d-2bbe-4091-bec4-f99e25d7290d/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/0baedd8d-2bbe-4091-bec4-f99e25d7290d/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vanquish:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:*

Версия до 29.8 (исключая)

EPSS

Процентиль: 24%

0.00082

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-j23h-727c-9qvf

CVSS3: 6.5

github

почти 2 года назад

The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

EPSS

Процентиль: 24%

0.00082

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352