CVE-2024-3983

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-4044 documents4 sources

Severity

8.1HIGH

EPSS

0.2%

top 52.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Woocommerce Customers Manager Vanquish Woocommerce Customers Manager

Timeline

PublishedAug 1

Description

The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5unknown/woocommerce_customers_manager< 30.1

▶NVDvanquish/woocommerce_customers_manager< 30.1

🔴Vulnerability Details

CVEList

WooCommerce Customers Manager < 30.1 - Bulk Action via CSRF↗2024-08-01

▶

GHSA

GHSA-f8wm-p3c6-g898: The WooCommerce Customers Manager WordPress plugin before 30↗2024-08-01

▶