CVE Vulnerabilities

CVE-2023-6824

Published: Jan 16, 2024 | Modified: Jun 11, 2025
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other users account address.

Affected Software

NameVendorStart VersionEnd Version
Wp_customer_areaMarvinlabs*8.2.1 (excluding)

References