Filtered by vendor Vanquish
Subscriptions
Filtered by product Woocommerce Customers Manager
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1743 | 1 Vanquish | 1 Woocommerce Customers Manager | 2025-05-07 | 5.9 Medium |
| The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-1756 | 1 Vanquish | 1 Woocommerce Customers Manager | 2025-05-07 | 6.5 Medium |
| The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name | ||||
| CVE-2024-0399 | 2 Vanquish, Woocommerce | 2 Woocommerce Customers Manager, Woocommerce Customers Manager | 2025-04-07 | 8.1 High |
| The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role. | ||||
| CVE-2024-13343 | 1 Vanquish | 1 Woocommerce Customers Manager | 2025-02-24 | 8.8 High |
| The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. | ||||
Page 1 of 1.