Description
WordPress Plugin WooCommerce Customers Manager is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin WooCommerce Customers Manager version 26.4 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 26.5 or the latest version.
References
https://sploitus.com/exploit?id=WPEX-ID:126143E0-B0CC-4517-862E-3AC557DB744F
https://codecanyon.net/item/woocommerce-customers-manager/10965432#item-description__change-log