The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve other users' account address.
History

Tue, 22 Oct 2024 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-639 |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-01-16T15:57:00.656Z

Updated: 2024-10-22T16:01:51.455Z

Reserved: 2023-12-14T18:06:39.012Z

Link: CVE-2023-6824

Vulnrichment

Updated: 2024-08-02T08:42:07.451Z

NVD

Status: Modified

Published: 2024-01-16T16:15:13.920

Modified: 2024-11-21T08:44:37.473

Link: CVE-2023-6824

Redhat

No data.