cleantalk
Vulnerabilities and Security Researches

Account Manager for WooCommerce, CVE-2022-41656

CVE, Research URL

CVE-2022-41656

Home page URL

Security reports for Account Manager for WooCommerce

Application

Account Manager for WooCommerce

Published on
-
Research Description
The Account Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to export sensitive information such as user id, first name, and last name of registered users.
Affected versions
max 2.1.1.
Status
vulnerable
Previous vulnerability researches
Account Manager for WooCommerce (22c9e9d692c9c42ed198da08221ad28cdfb42ad9) , Jun 07, 2024
Account Manager for WooCommerce (CVE-2022-41656) , Jun 10, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026