The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/a224b984-770a-4534-b689-0701b582b388/ | Third Party Advisory |
https://wpscan.com/vulnerability/a224b984-770a-4534-b689-0701b582b388/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/a224b984-770a-4534-b689-0701b582b388/ - Third Party Advisory |
22 Oct 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-639 |
23 Jan 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:marvinlabs:wp_customer_area:*:*:*:*:*:wordpress:*:* | |
References | () https://wpscan.com/vulnerability/a224b984-770a-4534-b689-0701b582b388/ - Third Party Advisory | |
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
16 Jan 2024, 23:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-16 16:15
Updated : 2024-11-21 08:44
NVD link : CVE-2023-6824
Mitre link : CVE-2023-6824
CVE.ORG link : CVE-2023-6824
JSON object : View
Products Affected
marvinlabs
- wp_customer_area
CWE