Export limit exceeded: 362049 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362049 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1747 | 2 Vanquish, Woocommerce | 2 Woocommerce Customers Manager, Woocommerce Customers Manager | 2025-05-29 | 6.5 Medium |
| The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Stored Cross-Site Scripting due to the lack of escaping of said metadata values. | ||||
| CVE-2024-2843 | 2 Vanquish, Woocommerce | 2 Woocommerce Customers Manager, Woocommerce Customers Manager | 2025-05-29 | 6.5 Medium |
| The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks | ||||
| CVE-2024-3983 | 2 Vanquish, Woocommerce | 2 Woocommerce Customers Manager, Woocommerce Customers Manager | 2025-05-29 | 8.1 High |
| The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks | ||||
| CVE-2024-0399 | 2 Vanquish, Woocommerce | 2 Woocommerce Customers Manager, Woocommerce Customers Manager | 2025-04-07 | 8.1 High |
| The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role. | ||||
Page 1 of 1.