The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.
CPE | Name | Operator | Version |
---|---|---|---|
wp_customer_area | lt | 8.1.4 |