CVE-2024-13343

The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Configurations

Configuration 1

cpe:2.3:a:vanquish:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:*

History

24 Feb 2025, 16:21

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Vanquish woocommerce Customers Manager; Vanquish |
| CPE | | cpe:2.3:a:vanquish:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:* |
| CWE | | CWE-862 |
| References | () https://codecanyon.net/item/woocommerce-customers-manager/10965432 - | () https://codecanyon.net/item/woocommerce-customers-manager/10965432 - Product |
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/193c9fe9-17bc-47e7-b93d-dfcebcf8004d?source=cve - | () https://www.wordfence.com/threat-intel/vulnerabilities/id/193c9fe9-17bc-47e7-b93d-dfcebcf8004d?source=cve - Third Party Advisory |
| Summary | | (es) The WooCommerce Customers Manager plugin for WordPress is vulnerable to privilege escalation due to a missing capability check in the ajax_assign_new_roles() function in all versions up to and including 31.3. This allows authenticated attackers, with Subscriber-level access and above, to elevate their privileges to those of an administrator. |

01 Feb 2025, 04:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2025-02-01 04:15

Updated : 2025-02-24 16:21


NVD link : CVE-2024-13343

Mitre link : CVE-2024-13343

CVE.ORG link : CVE-2024-13343


Products Affected

vanquish

  • woocommerce_customers_manager
CWE
CWE-269

Improper Privilege Management

CWE-862

Missing Authorization