- Description: The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
- Source: security@wordfence.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- Hype score: Not currently trending
CVE Alert: CVE-2024-13343 - https://t.co/Txh3TsEe7S #OSINT #ThreatIntel #CyberSecurity #cve_2024_13343
@RedPacketSec
2 Feb 2025
[CVE-2024-13343]: (CVSS:8.8, Severity: Critical, More Details: https://t.co/dV0oqSowtS) WooCommerce Customers Manager plugin <= 31.3 allows authenticated users to escalate privileges to admin via ajax_assign_new_roles().
@BursaMatus
1 Feb 2025
CVE-2024-13343 The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function… https://t.co/oCl1YeV1eM
@CVEnew
1 Feb 2025
[CVE-2024-13343: HIGH] WordPress WooCommerce Customers Manager plugin (up to v31.3) has a privilege escalation vulnerability, allowing attackers with Subscriber access to elevate their privileges to admin level. #cybersecurity, #vulnerability https://t.co/VK1O31NLq1 https://t.co/Pv
@CveFindCom
1 Feb 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vanquish:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADA0EC91-5D22-4D0C-A1A2-687283717151",
            "versionEndExcluding": "31.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]