The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.
Metrics
Affected Vendors & Products
References
History
Tue, 22 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-639 | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-16T15:57:00.656Z
Updated: 2024-10-22T16:01:51.455Z
Reserved: 2023-12-14T18:06:39.012Z
Link: CVE-2023-6824
Vulnrichment
Updated: 2024-08-02T08:42:07.451Z
NVD
Status : Modified
Published: 2024-01-16T16:15:13.920
Modified: 2024-11-21T08:44:37.473
Link: CVE-2023-6824
Redhat
No data.