Description
WordPress Plugin WooCommerce Customers Manager is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin WooCommerce Customers Manager version 26.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 26.5 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:126143E0-B0CC-4517-862E-3AC557DB744F
https://codecanyon.net/item/woocommerce-customers-manager/10965432#item-description__change-log
Related Vulnerabilities
MediaWiki Resource Management Errors Vulnerability (CVE-2015-2936)
WordPress 4.1.x Possible SQL Injection Vulnerability (4.1 - 4.1.19)
Joomla! Core Information Disclosure (1.5.0 - 3.8.1)
Cherokee Improper Input Validation Vulnerability (CVE-2009-4489)
Oracle Application Server Other Vulnerability (CVE-2004-1707)