PT-2024-18279 · WordPress · Woocommerce Customers Manager

Erwan Lr · Published 2024-04-24 · Updated 2025-05-07 · CVE-2024-1756

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WooCommerce Customers Manager WordPress plugin versions prior to 29.8

Description

The issue concerns a lack of authorization and CSRF protection in an AJAX action, allowing any authenticated user to retrieve a list of customer email addresses along with their id, first name, and last name.

Recommendations

For versions prior to 29.8, update to version 29.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action until the update is applied.
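The workaround and the two missing checks named in the description, as an added example that is not code from the plugin or from this advisory. The action names, the `manage_woocommerce` capability requirement and the `security` nonce field are assumptions; the advisory does not name the affected AJAX action, so a placeholder is used.

```php
<?php
// Added example for a must-use plugin file (wp-content/mu-plugins/); not the plugin's code.
// Placeholder: the advisory does not name the affected AJAX action.
const EXAMPLE_ACTION = 'example_customer_list_action';
// Assumption: only shop managers and administrators should read customer data.
const EXAMPLE_CAPABILITY = 'manage_woocommerce';

// Temporary workaround: run before the plugin's own handler (priority 0) and
// reject users without the capability. This closes the authorization gap only;
// it does not add a nonce check, since a nonce has to be issued by the code
// that builds the request.
add_action( 'wp_ajax_' . EXAMPLE_ACTION, 'example_guard_customer_list', 0 );
function example_guard_customer_list() {
    if ( ! current_user_can( EXAMPLE_CAPABILITY ) ) {
        // wp_send_json_error() terminates the request, so the later handler never runs.
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
}

// A handler that performs both checks (hypothetical action name). The page that
// issues the request embeds wp_create_nonce( 'example_hardened_customer_list' )
// and sends it in the "security" field.
add_action( 'wp_ajax_example_hardened_customer_list', 'example_hardened_customer_list' );
function example_hardened_customer_list() {
    // CSRF protection: verify the nonce; false = return instead of dying silently.
    if ( ! check_ajax_referer( 'example_hardened_customer_list', 'security', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }
    // Authorization: being logged in is not enough to read customer records.
    if ( ! current_user_can( EXAMPLE_CAPABILITY ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    $rows = array();
    foreach ( get_users( array( 'role' => 'customer', 'number' => 50 ) ) as $user ) {
        $rows[] = array(
            'id'         => $user->ID,
            'email'      => $user->user_email,
            'first_name' => $user->first_name,
            'last_name'  => $user->last_name,
        );
    }
    wp_send_json_success( $rows );
}
```

Remove the guard once the site runs version 29.8 or later.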

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-1756

Affected Products: Woocommerce Customers Manager