CVE-2024-0399 Information

Description

The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement leading to an SQL injection exploitable by Subscriber+ role.

Reference

https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/