PT-2024-18272 · WordPress · Woocommerce Customers Manager

Erwan Lr · Published 2024-08-01 · Updated 2025-05-29 · CVE-2024-1747

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: WooCommerce Customers Manager WordPress plugin versions prior to 30.2

Description: The issue concerns a lack of authorization and CSRF protection in various AJAX actions within the plugin, allowing any authenticated user to update, delete, or create customer metadata. This also leads to Stored Cross-Site Scripting due to the lack of escaping of metadata values.

Recommendations: For versions prior to 30.2, update to version 30.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until the update can be applied.
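As an added illustration of the controls the description says were missing (this is not the plugin's code; the action, function and meta key names are hypothetical), a WordPress AJAX handler in its unprotected form beside a hardened version:

```php
<?php
// Added illustration, not the plugin's code. Action, function and meta key
// names are hypothetical placeholders.

// Unprotected pattern: any logged-in user reaches wp_ajax_* hooks, and this
// handler neither authorizes, nor checks a nonce, nor escapes what it echoes.
add_action( 'wp_ajax_example_update_customer_meta', 'example_update_customer_meta_unsafe' );
function example_update_customer_meta_unsafe() {
    $user_id = (int) $_POST['user_id'];
    update_user_meta( $user_id, 'example_note', $_POST['value'] );
    // Stored value is written back into admin HTML unescaped: stored XSS sink.
    echo '<td>' . get_user_meta( $user_id, 'example_note', true ) . '</td>';
    wp_die();
}

// Hardened pattern: verify request origin (CSRF), require a capability
// (authorization), validate input, and escape on output.
add_action( 'wp_ajax_example_update_customer_meta_safe', 'example_update_customer_meta_safe' );
function example_update_customer_meta_safe() {
    // CSRF: reject requests that do not carry a nonce issued for this action.
    check_ajax_referer( 'example_update_customer_meta', 'nonce' );

    // Authorization: being authenticated is not enough; a nonce only proves
    // intent, so the capability check is still required.
    if ( ! current_user_can( 'edit_users' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $value   = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    if ( ! $user_id || ! get_userdata( $user_id ) ) {
        wp_send_json_error( array( 'message' => 'unknown user' ), 400 );
    }

    update_user_meta( $user_id, 'example_note', $value );

    // Escape on output so a stored value cannot become markup in the admin page.
    wp_send_json_success( array(
        'html' => '<td>' . esc_html( get_user_meta( $user_id, 'example_note', true ) ) . '</td>',
    ) );
}
```

The nonce is expected to come from wp_create_nonce( 'example_update_customer_meta' ) handed to the admin script (for example via wp_localize_script) and posted as the nonce field.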

Weakness Enumeration: CSRF

Related Identifiers: CVE-2024-1747

Affected Products: Woocommerce Customers Manager