The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-01-16T15:56:59.595Z

Updated: 2024-08-02T08:42:07.343Z

Reserved: 2023-12-12T15:58:59.273Z

Link: CVE-2023-6741

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-16T16:15:13.867

Modified: 2024-11-21T08:44:27.707

Link: CVE-2023-6741

cve-icon Redhat

No data.