The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
References
Link | Resource |
---|---|
https://codecanyon.net/item/woocommerce-customers-manager/10965432 | Product |
https://www.wordfence.com/threat-intel/vulnerabilities/id/193c9fe9-17bc-47e7-b93d-dfcebcf8004d?source=cve | Third Party Advisory |
History
24 Feb 2025, 16:21
Type | Values Removed | Values Added |
---|---|---|
First Time | Vanquish woocommerce Customers Manager; Vanquish | |
CPE | cpe:2.3:a:vanquish:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-862 | |
References | https://codecanyon.net/item/woocommerce-customers-manager/10965432 - Product | |
References | https://www.wordfence.com/threat-intel/vulnerabilities/id/193c9fe9-17bc-47e7-b93d-dfcebcf8004d?source=cve - Third Party Advisory | |
Summary | | |
01 Feb 2025, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2025-02-01 04:15
Updated : 2025-02-24 16:21
NVD link : CVE-2024-13343
Mitre link : CVE-2024-13343
CVE.ORG link : CVE-2024-13343
Products Affected
vanquish
- woocommerce_customers_manager