CVE-2024-13525
Customer Email Verification for WooCommerce <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including emails as well as hashed passwords of any user.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
wpcodefactory · Customer Email Verification for WooCommerceWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://plugins.trac.wordpress.org/browser/emails-verification-for-woocommerce/tags/2.9.2/includes/class-alg-wc-ev-core.php#L990https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3232261%40emails-verification-for-woocommerce%2Ftrunk&old=3230854%40emails-verification-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/a63a41d1-b9b0-43a9-a6e0-761f3b8d9d4a?source=cve