VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 10 known issues Latest disclosed Jan 31, 2025

WooCommerce Customers Manager Vulnerabilities

Review known vulnerability records for the WordPress plugin WooCommerce Customers Manager (`woocommerce-customers-manager`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-13343, CVE-2024-1747 and CVE-2024-2843, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
10
High or Critical
4
Patch Coverage
100%
Last Updated
Feb 01, 2025
Priority CVE Quick Links

Fast paths into WooCommerce Customers Manager CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
7
CVE-2024-0399 Critical 29.7
CVE-2024-0399 WooCommerce Customers Manager SQL Injection

WooCommerce Customers Manager <= 29.6 - Authenticated (Subscriber+) SQL Injection

CVE-2024-13343 High 31.4
CVE-2024-13343 WooCommerce Customers Manager Privilege Escalation

WooCommerce Customers Manager <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

CVE-2024-1747 Medium 30.2
CVE-2024-1747 WooCommerce Customers Manager Stored Cross-Site Scripting

WooCommerce Customers Manager <= 30.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

CVE-2024-1743 Medium 29.8
CVE-2024-1743 WooCommerce Customers Manager Cross-Site Scripting

WooCommerce Customers Manager <= 29.7 - Reflected Cross-Site Scripting

CVE-2024-2843 Medium 30.1
CVE-2024-2843 WooCommerce Customers Manager Cross-Site Request Forgery

WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion via 'Delete'

CVE-2024-3983 Medium 30.1
CVE-2024-3983 WooCommerce Customers Manager Cross-Site Request Forgery

WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion

CVE-2024-1756 Medium 29.8
CVE-2024-1756 WooCommerce Customers Manager Vulnerability

WooCommerce Customers Manager <= 29.7 - Missing Authorization to Information Exposure

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WooCommerce Customers Manager so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
10 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 3 high severity findings.
Recent CVEs
CVE-2024-13343, CVE-2024-1747 and CVE-2024-2843
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for WooCommerce Customers Manager

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2024-13343
CVE-2024-13343: WooCommerce Customers Manager <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-l...

Published
Jan 31, 2025
Patched Release
31.4
Affected Versions
Versions up to 31.3
Next Step
Update to 31.4 or newer if supported.
Open CVE-2024-13343 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-1747
CVE-2024-1747: WooCommerce Customers Manager <= 30.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The WooCommerce Customers Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'wccm_update_user_meta' in all versions up to, and including, 30.1. This makes it possible for authenticated attackers, with...

Published
Jul 11, 2024
Patched Release
30.2
Affected Versions
Versions up to 30.1
Next Step
Update to 30.2 or newer if supported.
Open CVE-2024-1747 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2843
CVE-2024-2843: WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion via 'Delete'

The WooCommerce Customers Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 30.1 (exclusive). This is due to missing or incorrect nonce validation on the 'woocommerce-customers-manager' page. This makes it possible for unauthenticated...

Published
Jul 11, 2024
Patched Release
30.1
Affected Versions
Versions before 30.1
Next Step
Update to 30.1 or newer if supported.
Open CVE-2024-2843 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-3983
CVE-2024-3983: WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion

The WooCommerce Customers Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 30.1 (exclusive). This is due to missing or incorrect nonce validation on the 'woocommerce-customers-manager' page. This makes it possible for unauthenticated...

Published
Jul 11, 2024
Patched Release
30.1
Affected Versions
Versions before 30.1
Next Step
Update to 30.1 or newer if supported.
Open CVE-2024-3983 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-1743
CVE-2024-1743: WooCommerce Customers Manager <= 29.7 - Reflected Cross-Site Scripting

The WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to 29.8 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s...

Published
Apr 03, 2024
Patched Release
29.8
Affected Versions
Versions up to 29.7
Next Step
Update to 29.8 or newer if supported.
Open CVE-2024-1743 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-1756
CVE-2024-1756: WooCommerce Customers Manager <= 29.7 - Missing Authorization to Information Exposure

The WooCommerce Customers Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wccm_get_customers_list AJAX action in all versions up to, and including, 29.7. This makes it possible for authenticated attackers, with su...

Published
Apr 02, 2024
Patched Release
29.8
Affected Versions
Versions up to 29.7
Next Step
Update to 29.8 or newer if supported.
Open CVE-2024-1756 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-0399
CVE-2024-0399: WooCommerce Customers Manager <= 29.6 - Authenticated (Subscriber+) SQL Injection

The WooCommerce Customers Manager plugin for WordPress is vulnerable to SQL Injection via the 'max_amount_total' parameter in all versions up to, and including, 29.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

Published
Mar 25, 2024
Patched Release
29.7
Affected Versions
Versions up to 29.6
Next Step
Update to 29.7 or newer if supported.
Open CVE-2024-0399 Report Open CVE Reference
Plugin Medium Patched: Yes
Woocommerce Customers Manager < 26.6 - Reflected Cross-Site Scripting

The Woocommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wccm_customers_ids’ and 'wccm_customers_emails' parameters in versions before 26.6 due to insufficient input sanitization and output escaping. This makes it possible fo...

Published
Mar 30, 2021
Patched Release
26.6
Affected Versions
Versions up to 26.5
Next Step
Update to 26.6 or newer if supported.
Open Full Report
Plugin High Patched: Yes
Woocommerce Customers Manager <= 26.5 - Cross-Site Request Forgery to Account Creation

The Woocommerce Customers Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 26.5. This makes it possible for unauthenticated attackers to create new accounts via forged request granted they can trick a site administrator in...

Published
Mar 30, 2021
Patched Release
26.6
Affected Versions
Versions before 26.6
Next Step
Update to 26.6 or newer if supported.
Open Full Report
Plugin High Patched: Yes
Woocommerce Customers Manager <= 26.4 - Authenticated Account Creation and Privilege Escalation

The Woocommerce Customers Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability checks in the user import in versions up to, and including, 26.4. This makes it possible for Subscriber-level attackers to import arbitrary user information to...

Published
Feb 24, 2021
Patched Release
26.5
Affected Versions
Versions before 26.5
Next Step
Update to 26.5 or newer if supported.
Open Full Report