CVE-2024-2843
Severity
6.5MEDIUM
EPSS
0.1%
top 67.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedAug 1
Description
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6