Vulnerabilities and security researches foraccount-manager-woocommerce account-manager-woocommerce

Jun 07, 2024

CVE, Research URL: 22c9e9d692c9c42ed198da08221ad28cdfb42ad9
Home page URL: Security reports for Account Manager for WooCommerce
Application: Account Manager for WooCommerce
Date: Oct 13, 2022
Research Description: Account Manager for WooCommerce [account-manager-woocommerce] <= 2.1.1 (unfixed) WordPress Account Manager for WooCommerce plugin <= 2.0.19 - Broken Access Control vulnerability Broken Access Control vulnerability leading to the export of sensitive information (user id, first name, last name) by the subscriber or higher role user discovered by WordPress Account Manager for WooCommerce plugin (versions <= 2.0.19). No patched version is available. No reply from the vendor.
Affected versions: max 2.1.1.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2022-41656
Home page URL: Security reports for Account Manager for WooCommerce
Application: Account Manager for WooCommerce
Date: -
Research Description: The Account Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to export sensitive information such as user id, first name, and last name of registered users.
Affected versions: max 2.1.1.
Status: vulnerable