CVE-2024-1747
📋 TL;DR
This vulnerability in the WooCommerce Customers Manager WordPress plugin lets any authenticated user, with privileges as low as Subscriber, call the plugin's AJAX actions to create, update or delete customer metadata, because those handlers perform no authorization check. Because the stored values are not properly sanitised and escaped, the same path also allows stored cross-site scripting (XSS) against whoever later views the customer record, typically shop staff or administrators. Sites running an affected version of the plugin are at risk.
💻 Affected Systems
- WooCommerce Customers Manager WordPress plugin, versions before 30.2
⚠️ Risk & Real-World Impact
Worst Case
An attacker with a Subscriber account stores a script payload in customer metadata. When a shop manager or administrator opens the affected customer view, the payload runs in that user's browser with that user's privileges: it can steal the session cookie, redirect visitors or deface the site, and perform any action the victim could perform in the admin, up to full site takeover.
Likely Case
Low-privileged users, including self-registered Subscriber or customer accounts, tamper with other customers' metadata, corrupting or silently altering customer records, or plant a limited XSS payload that fires on staff who view those records.
If Mitigated
Once the plugin is updated to 30.2 or later (which adds the missing access controls and escaping) or deactivated, the issue is not exploitable. Where only the workarounds below are in place, the remaining exposure is limited to existing, reviewed accounts and amounts at most to minor data inconsistencies.
🎯 Exploit Status
Exploitation needs nothing more than a valid low-privilege account and a crafted request to admin-ajax.php, so it is straightforward for anyone who can register; WooCommerce shops that let customers create an account at checkout, or sites with "Anyone can register" enabled, set that bar very low. No public proof-of-concept is known, but the vulnerability details are public.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 30.2 or later
Advisory (WPScan): https://wpscan.com/vulnerability/17e45d4d-0ee1-4863-a8a4-df8587f448ec/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins > Installed Plugins.
3. Find 'WooCommerce Customers Manager' and update it to version 30.2 or later. If no update is offered there, obtain 30.2 or later from the vendor and install it manually.
4. Verify that the update completed and the listed version is 30.2 or higher.
🔧 Temporary Workarounds
Disable the plugin
Temporarily deactivate the WooCommerce Customers Manager plugin to prevent exploitation until patching is possible (this removes the plugin's functionality for staff while it is off):
wp plugin deactivate woocommerce-customers-manager
Restrict user roles
Turn off open registration if the site does not need it (Settings > General, "Anyone can register"), and review existing accounts to remove unneeded Subscriber or other low-privilege users. Remember that WooCommerce's own customer registration also creates low-privilege accounts.
🧯 If You Can't Patch
- Add web application firewall (WAF) rules that block requests to /wp-admin/admin-ajax.php carrying the plugin's AJAX action names unless the session belongs to an Administrator or Shop Manager. The action names must be taken from the plugin's source; a rule that only matches the URI will block all of WordPress's AJAX traffic.
- Monitor and audit user activity, especially from low-privilege accounts, for customer metadata changes that those accounts have no business making.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in WordPress admin under Plugins > Installed Plugins; if version is below 30.2, it is vulnerable.
Check Version:
wp plugin get woocommerce-customers-manager --field=version
Verify Fix Applied:
After updating, confirm the plugin version is 30.2 or higher in the same location. Then, with a throwaway Subscriber account, confirm that the plugin's AJAX actions now reject the request (an error response and an unchanged record) and that a metadata value containing a script tag is rendered escaped, not executed, in the customer view.
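The version check above, as an added example that is not code from the plugin, from WPScan or from this advisory: it reads the JSON that `wp plugin list --format=json` prints, finds the plugin by its directory slug (assumed here to be `woocommerce-customers-manager`, the slug this page uses), and compares the version numerically rather than as a string, so that 30.10 is not mistaken for a version below 30.2. The plugin list embedded in the script is constructed sample output; the real site is only queried with `--live`.

```python
"""Check whether the installed WooCommerce Customers Manager is below 30.2.

Added example for this advisory, not code from the plugin or from WPScan.
Reads the JSON output of `wp plugin list --format=json`; the sample list
below is constructed. The slug is assumed to be the plugin's directory name.
"""
import json
import subprocess
import sys

PLUGIN_SLUG = "woocommerce-customers-manager"  # assumption: installed directory name
FIXED_VERSION = "30.2"


def parse_version(version: str) -> tuple:
    """Turn '30.1.2' into (30, 1, 2) so that 30.10 compares greater than 30.2.

    A plain string comparison gets this wrong ('30.10' < '30.2' as strings),
    which is a classic way for a version check to misreport a site.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed version is strictly below the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def check_plugin_list(plugin_list_json: str) -> dict:
    """Evaluate `wp plugin list --format=json` output for the affected plugin.

    An inactive copy below 30.2 is still reported as vulnerable: deactivation
    is only a workaround, and one click re-enables it.
    """
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") == PLUGIN_SLUG:
            version = str(plugin.get("version", ""))
            return {
                "installed": True,
                "active": plugin.get("status") == "active",
                "version": version,
                "vulnerable": is_vulnerable(version),
            }
    return {"installed": False, "active": False, "version": None, "vulnerable": False}


# Constructed sample mirroring the shape of `wp plugin list --format=json`.
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "woocommerce", "status": "active", "update": "none", "version": "8.6.1"},
    {"name": "woocommerce-customers-manager", "status": "active",
     "update": "available", "version": "30.1"},
])


if __name__ == "__main__":
    if "--live" in sys.argv:
        # Query the real site; needs WP-CLI and must run from the WordPress root.
        output = subprocess.run(
            ["wp", "plugin", "list", "--format=json"],
            check=True, capture_output=True, text=True,
        ).stdout
    else:
        output = SAMPLE_PLUGIN_LIST
    result = check_plugin_list(output)
    print(result)
    sys.exit(1 if result["vulnerable"] else 0)
```

Run it with `--live` on the site before and after `wp plugin update woocommerce-customers-manager`; the non-zero exit status makes it usable from a fleet-wide cron or CI job.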
📡 Detection & Monitoring
Log Indicators:
- Requests to /wp-admin/admin-ajax.php carrying the plugin's customer-metadata actions from accounts that are not Administrators or Shop Managers. admin-ajax.php dispatches on the action parameter for both GET and POST, so do not restrict the search to POST.
- Unexpected changes to customer metadata in the audit log, or customer records that contain script tags.
Network Indicators:
- Requests whose 'action' parameter names a plugin action (the page's 'update_customer_meta' is illustrative; take the real names from the plugin's source) from sessions that are not administrators. Note that for POST requests the action sits in the body, which plain web-server access logs do not record; a WAF or WordPress audit-log plugin is needed to see it.
SIEM Query:
source="wordpress.log" AND (uri="/wp-admin/admin-ajax.php" AND user_role="subscriber" AND action="*customer*meta*")
The field names user_role and action assume an audit log that records the authenticated user's role and the AJAX action; adjust them to the source you actually ingest, and widen user_role to cover every role below Shop Manager.
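The SIEM query above, implemented over log lines as an added example that is not code from the plugin, from WPScan or from this advisory: it assumes a WordPress audit log that writes one JSON object per request including the authenticated user's role and the AJAX `action` parameter (a plain web-server access log has neither for POST bodies). The log lines in the script are constructed, the action names `update_customer_meta` and `delete_customer_meta` are placeholders mirroring the page's illustration rather than the plugin's real hook names, and the set of trusted roles is an assumption to adjust per site.

```python
"""Flag AJAX calls that look like customer-meta changes from low-privilege
accounts: the heuristic behind this page's SIEM query.

Added example for this advisory, not code from the plugin or from WPScan.
Assumes an audit log with one JSON event per request carrying the user's
role and the AJAX action. Sample lines are constructed; action names are
placeholders, not the plugin's real wp_ajax_ hook names.
"""
import fnmatch
import json
from urllib.parse import urlsplit

# Assumption: roles that may legitimately edit customer metadata on this site.
TRUSTED_ROLES = {"administrator", "shop_manager"}
ACTION_PATTERN = "*customer*meta*"  # the page's heuristic; tune to real action names
AJAX_PATH = "/wp-admin/admin-ajax.php"


def is_suspicious(event: dict) -> bool:
    """True for a request to admin-ajax.php whose action matches the pattern
    and whose caller's role is outside TRUSTED_ROLES.

    The HTTP method is deliberately not checked: admin-ajax.php reads the
    action from $_REQUEST, so GET and POST reach the same handler.
    """
    if urlsplit(event.get("uri", "")).path != AJAX_PATH:
        return False
    action = str(event.get("action", "")).lower()
    if not fnmatch.fnmatchcase(action, ACTION_PATTERN):
        return False
    # A missing role (unauthenticated) cannot exploit this bug, which needs an
    # account, but a matching action without a role is still worth a look.
    return event.get("role") not in TRUSTED_ROLES


def scan_log(lines) -> list:
    """Return the suspicious events, skipping blank or non-JSON lines."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_suspicious(event):
            hits.append(event)
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """
{"ts":"2024-03-01T10:00:01Z","user":"shopadmin","role":"administrator","ip":"203.0.113.5","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"update_customer_meta"}
{"ts":"2024-03-01T10:02:14Z","user":"newsub","role":"subscriber","ip":"198.51.100.23","method":"POST","uri":"/wp-admin/admin-ajax.php?_=1709287334","action":"update_customer_meta"}
{"ts":"2024-03-01T10:02:15Z","user":"newsub","role":"subscriber","ip":"198.51.100.23","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"delete_customer_meta"}
{"ts":"2024-03-01T10:03:00Z","user":"newsub","role":"subscriber","ip":"198.51.100.23","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"heartbeat"}
{"ts":"2024-03-01T10:04:00Z","user":"newsub","role":"subscriber","ip":"198.51.100.23","method":"GET","uri":"/wp-admin/admin-ajax.php","action":"update_customer_meta"}
not json at all
"""


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['ip']} {hit['user']} ({hit['role']}) "
              f"{hit['method']} {hit['action']}")
```

On the constructed sample the administrator's call and the heartbeat are ignored, while the subscriber's three matching calls are reported, including the GET. Once the plugin's real action names are known, replace the wildcard with an explicit set of names to cut false positives from other plugins whose actions happen to contain "customer" and "meta".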