Description

The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks

Related CPE's

a

vanquish

woocommerce_customers_manager

*

*

*

*

*

wordpress

Vulnerable

References

https://wpscan.com/vulnerability/fec4e077-4c4e-4618-bfe8-61fdba59b696/

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-352

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-08-01T06:15:02.367

1 year ago

Last modified

2025-05-29T17:23:03.117

6 months ago