Lucene search
+L

89 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-7640

The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the customer-area-protected-content shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode...

6.4CVSS0.00197EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43612

The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the customer-area-protected-content shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode...

6.4CVSS6.2AI score0.00197EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-7640 WP Customer Area <= 8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'type' Shortcode Attribute

The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the customer-area-protected-content shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode...

6.4CVSS0.00197EPSS
Exploits0References5
CVE
CVE
added 4 days ago10 views

CVE-2026-7640

The WP Customer Area WordPress plugin is vulnerable to Stored Cross-Site Scripting via the type attribute of the customer-area-protected-content shortcode in all versions up to 8.3.5, due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access...

6.4CVSS6.2AI score0.00197EPSS
Exploits0References5
Patchstack
Patchstack
added 5 days ago6 views

WordPress WP Customer Area plugin <= 8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WP Customer Area versions = 8.3.5...

6.4CVSS6.1AI score0.00197EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-42661

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.29 views

CVE-2026-42661 WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS0.00371EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.9 views

EUVD-2026-36826

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS5.2AI score0.00371EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.20 views

CVE-2026-42661

Affected software : WordPress WP Customer Area plugin

8.8CVSS5.2AI score0.00371EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49452

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS5.2AI score0.00371EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/01 4:54 p.m.8 views

WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Path Traversal vulnerability discovered by iamlooper in WordPress Plugin WP Customer Area versions = 8.3.4...

5.8AI score0.00371EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 9:6 a.m.8 views

WordPress WP Customer Area plugin <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file vulnerability

Authenticated Subscriber+ Arbitrary File Read/Deletion via ajaxattachfile vulnerability discovered by shark3y in WordPress Plugin WP Customer Area versions = 8.3.4...

8.8CVSS5.8AI score0.00968EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/17 6:31 p.m.9 views

EUVD-2026-23448

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References12
NVD
NVD
added 2026/04/17 5:17 p.m.9 views

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS0.00968EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/04/17 4:26 p.m.4 views

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References12
CVE
CVE
added 2026/04/17 4:26 p.m.17 views

CVE-2026-3464

The CVE concerns the WP Customer Area WordPress plugin (all versions up to 8.3.4). The vulnerability is due to insufficient file path validation in the ajax_attach_file function, allowing authenticated users with a role that can access admin features (e.g., Subscriber) to perform arbitrary file r...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/04/17 4:26 p.m.12 views

CVE-2026-3464 WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

WordPress plugin WP Customer Area 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8CVSS5.9AI score0.00968EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:32 a.m.9 views

CVE-2017-18519

The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages...

6.1CVSS6AI score0.00905EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress WP Customer Area plugin < 8.2.5 - Bulk Delete via CSRF vulnerability

Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Customer Area versions 8.2.5...

4.3CVSS5.9AI score0.00212EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder