WordPress Plugin Vulnerabilities
WooCommerce < 8.1.1 - Shop Manager+ User Metadata Disclosure
Description
The plugin returns all user metadata via an AJAX action, which could allow users with a role as low as Shop Manager to access an arbitrary user's metadata which could include tokens and other potentially sensitive data
Proof of Concept
As a shop manager or product vendor admin: Edit an order/create an order. Search for a user (any user, including admin level users). Select the user, then edit the billing/shipping address and use the Load (Billing|Shipping) Address tool. Via your browser console, observe the resulting ajax request (action: woocommerce_get_customer_details) and response.
Affects Plugins
References
Classification
Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
David Anderson
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-09-11 (about 8 months ago)
Added
2023-09-11 (about 8 months ago)
Last Updated
2023-09-18 (about 7 months ago)