VYPR

WooCommerce Customers Manager

by WordPress

CVEs (5)

  • CVE-2025-13369MedJan 7, 2026
    risk 0.33cvss 6.1epss 0.00

    The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' parameters in all versions up to, and including, 1.1.14 due to insufficient input…

  • CVE-2024-0399Apr 15, 2024
    risk 0.03cvss epss 0.03

    The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

  • CVE-2024-13343Feb 1, 2025
    risk 0.00cvss epss 0.00

    The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with…

  • CVE-2024-1756Apr 24, 2024
    risk 0.00cvss epss 0.00

    The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

  • CVE-2024-1743Apr 24, 2024
    risk 0.00cvss epss 0.00

    The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin