Threat Entry Updated 2025-05-07

CVE-2024-1756 - Before 29 Plugin

The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

PLUGIN Before 29

CVE-2024-1756

MEDIUM CVSS 6.5 2024-04-24

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-07

CVE-2024-1743 - Before 29 Plugin

The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Before 29

CVE-2024-1743

MEDIUM CVSS 5.9 2024-04-24

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-04-07

CVE-2024-0399 - Before 29 Plugin

The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

PLUGIN Before 29

CVE-2024-0399

HIGH CVSS 8.1 2024-04-15

Risk Score

Open Full Technical Breakdown