← back
CVE-2023-6741

WP Customer Area < 8.2.1 - Subscriber+ Account Address Update

CVSS 4.3 MEDIUMEPSS 0.4%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N