Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-0399

Published: 15/04/2024 Updated: 15/04/2024

Vulnerability Summary

The WooCommerce Customers Manager WordPress plugin prior to 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

Github Repositories

https://github.com/xbz0n/CVE-2024-0399

CVE-2024-0399 - WooCommerce Customers Manager 294 - Post-Authenticated SQL Injection Exploit Title: WooCommerce Customers Manager 294 - Post-Authenticated SQL Injection Date: 2024-03-25 Exploit Author: Ivan Spiridonov - xbz0n Software Link: codecanyonnet/item/woocommerce-customers-manager/10965432 Version: 294 Tested on: Ubuntu 2204 CVE: CVE-2024-0399 SQL Injection

References

https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/https://nvd.nist.govhttps://github.com/xbz0n/CVE-2024-0399
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmwareCVE-2023-52866CVE-2024-4367CVE-2024-1721CVE-2023-34992XML injectionCVE-2023-52817SQLCVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook