← Volver a CVEs
CVE-2023-6824
MEDIUM6.5
Descripcion
The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/16/2024
Ultima modificacion6/11/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
marvinlabs:wp_customer_area
Debilidades (CWE)
CWE-639
Referencias
https://wpscan.com/vulnerability/a224b984-770a-4534-b689-0701b582b388/(contact@wpscan.com)
https://wpscan.com/vulnerability/a224b984-770a-4534-b689-0701b582b388/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.