Description
The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.
Published: 2024-04-15
Score: 8.1 High
EPSS: 2.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 07 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Vanquish
Vanquish woocommerce Customers Manager
Weaknesses CWE-89
CPEs cpe:2.3:a:vanquish:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:*
Vendors & Products Vanquish
Vanquish woocommerce Customers Manager

Thu, 27 Mar 2025 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Woocommerce
Woocommerce woocommerce Customers Manager
CPEs cpe:2.3:a:woocommerce:woocommerce_customers_manager:*:*:*:*:*:*:*:*
Vendors & Products Woocommerce
Woocommerce woocommerce Customers Manager
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Vanquish Woocommerce Customers Manager
Woocommerce Woocommerce Customers Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-03-27T20:44:28.266Z

Reserved: 2024-01-10T15:10:32.475Z

Link: CVE-2024-0399

cve-icon Vulnrichment

Updated: 2024-08-01T18:04:49.575Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-15T05:15:14.627

Modified: 2025-04-07T14:48:35.920

Link: CVE-2024-0399

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses