Vulnerability Details CVE-2024-13343
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.9%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-13343
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:-
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:21.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:21.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:21.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:31.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:31.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:31.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:31.3