cve/CVE-2024-1747.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 8654f5abb7 Update CVE sources 2024-08-11 18:44

2024-08-11 18:44:53 +00:00

Description

The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Stored Cross-Site Scripting due to the lack of escaping of said metadata values.

POC

Reference

https://wpscan.com/vulnerability/17e45d4d-0ee1-4863-a8a4-df8587f448ec/

Github

https://github.com/20142995/nuclei-templates

1.0 KiB Raw Blame History

CVE-2024-1747

Description

POC

Reference

Github

1.0 KiB

Raw Blame History