The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/3cb1f707-6093-42a7-a778-2b296bdf1735/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/3cb1f707-6093-42a7-a778-2b296bdf1735/ | Exploit Third Party Advisory |
Configurations
History
07 May 2025, 18:00
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Vanquish
Vanquish woocommerce Customers Manager |
|
| CPE | cpe:2.3:a:vanquish:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:* | |
| References | () https://wpscan.com/vulnerability/3cb1f707-6093-42a7-a778-2b296bdf1735/ - Exploit, Third Party Advisory |
21 Nov 2024, 08:51
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/3cb1f707-6093-42a7-a778-2b296bdf1735/ - |
03 Jul 2024, 01:45
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
| CWE | CWE-79 |
24 Apr 2024, 13:39
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-24 05:15
Updated : 2025-05-07 18:00
NVD link : CVE-2024-1743
Mitre link : CVE-2024-1743
CVE.ORG link : CVE-2024-1743
JSON object : View
Products Affected
vanquish
- woocommerce_customers_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')