Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total7
Critical0
High3
Medium4
Reset
Showing 1-7 of 7 records
Threat Entry Updated 2025-02-24

CVE-2024-13343 - Woocommerce Customers Manager Plugin

The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

PLUGIN Woocommerce Customers Manager

CVE-2024-13343

HIGH CVSS 8.8 2025-02-01
Open Full Technical Breakdown
Threat Entry Updated 2025-05-29

CVE-2024-3983 - Woocommerce Customers Manager Plugin

The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks

PLUGIN Woocommerce Customers Manager

CVE-2024-3983

HIGH CVSS 8.1 2024-08-01
Open Full Technical Breakdown
Threat Entry Updated 2025-05-29

CVE-2024-1747 - Woocommerce Customers Manager Plugin

The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Stored Cross-Site Scripting due to the lack of escaping of said metadata values.

PLUGIN Woocommerce Customers Manager

CVE-2024-1747

MEDIUM CVSS 6.5 2024-08-01
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-1756 - Woocommerce Customers Manager Plugin

The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

PLUGIN Woocommerce Customers Manager

CVE-2024-1756

MEDIUM CVSS 6.5 2024-04-24
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-1743 - Woocommerce Customers Manager Plugin

The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Woocommerce Customers Manager

CVE-2024-1743

MEDIUM CVSS 5.9 2024-04-24
Open Full Technical Breakdown
Threat Entry Updated 2025-04-07

CVE-2024-0399 - Woocommerce Customers Manager Plugin

The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

PLUGIN Woocommerce Customers Manager

CVE-2024-0399

HIGH CVSS 8.1 2024-04-15
Open Full Technical Breakdown
Scroll to top