Description
WordPress Plugin WooCommerce Customers Manager is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin WooCommerce Customers Manager version 26.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 26.5 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:126143E0-B0CC-4517-862E-3AC557DB744F
https://codecanyon.net/item/woocommerce-customers-manager/10965432#item-description__change-log
Related Vulnerabilities
EspoCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-32789)
WordPress Plugin Easy Registration Forms Cross-Site Scripting (2.1.1)
Apache HTTP Server Other Vulnerability (CVE-2010-0408)
IBM WebSEAL CVE-2018-1722 Vulnerability (CVE-2018-1722)
WordPress Plugin GD Star Rating Multiple Vulnerabilities (1.9.22)