CVE-2023-6741

Name of the Vulnerable Software and Affected Versions WP Customer Area WordPress plugin versions prior to 8.2.1

Description The issue arises from the plugin not properly validating users' capabilities in some of its AJAX actions. This allows malicious users to edit other users' account addresses.

Recommendations For versions prior to 8.2.1, update to version 8.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions that are vulnerable to capability validation bypass until a patch is applied.