WooCommerce Customers Manager < 29.8 – Subscriber+ Email Disclosure | CVE 2024-1756

Description

The plugin does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

Proof of Concept

As a subscriber, open the following URL: https://example.com/wp-admin/admin-ajax.php?action=wccm_get_customers_list

Affects Plugins

woocommerce-customers-manager

Fixed in 29.8

References

CVE

CVE-2024-1756

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Submitter

Erwan LR (WPScan)

Verified

Yes

WPVDB ID

0baedd8d-2bbe-4091-bec4-f99e25d7290d

Timeline

Publicly Published

2024-04-02 (about 1 months ago)

Added

2024-04-02 (about 1 months ago)

Last Updated

2024-04-02 (about 1 months ago)

Other

Published

Title

Published

2024-01-05

Title

WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.2.0 - Unauthorized Sensitive Data Exposure

Published

2023-12-28

Title

404 Solution < 2.33.1 - Sensitive Information Exposure via Log File

Published

2023-12-27

Title

FastDup < 2.1.8 - Sensitive Information Exposure via Log File

Published

2022-08-01

Title

Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing

Published

2021-09-01

Title

Gutenberg Template Library & Redux Framework < 4.2.13 - Unauthenticated Sensitive Information Disclosure