CVE-2024-1756 Vulnerability Details

  /     /     /  

CVE-2024-1756 Metadata Quick Info

CVE Published: 24/04/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: WPScan | Vendor: Unknown | Product: WooCommerce Customers Manager
Status : PUBLISHED

---

CVE-2024-1756 Description

The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-200 Information Exposure
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).