User Account Address Disclosure Vulnerability in WP Customer Area WordPress Plugin

User Account Address Disclosure Vulnerability in WP Customer Area WordPress Plugin

CVE-2023-6824 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.

Learn more about our Wordpress Pen Testing.