VYPR
Unrated severityNVD Advisory· Published Apr 24, 2024· Updated Mar 20, 2025

WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure

CVE-2024-1756

Description

The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.