Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

79 matches found

Patchstack
Patchstackadded 2026/05/01 4:54 p.m.1 views

WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Path Traversal vulnerability discovered by iamlooper in WordPress Plugin WP Customer Area versions = 8.3.4...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/20 9:6 a.m.3 views

WordPress WP Customer Area plugin <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file vulnerability

Authenticated Subscriber+ Arbitrary File Read/Deletion via ajaxattachfile vulnerability discovered by shark3y in WordPress Plugin WP Customer Area versions = 8.3.4...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/04/17 6:31 p.m.4 views

EUVD-2026-23448

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00382EPSS
Exploits0References12
NVD
NVDadded 2026/04/17 5:17 p.m.2 views

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS0.00382EPSS
Exploits0References11
Vulnrichment
Vulnrichmentadded 2026/04/17 4:26 p.m.1 views

CVE-2026-3464 WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00382EPSS
Exploits0References11
CVE
CVEadded 2026/04/17 4:26 p.m.3 views

CVE-2026-3464

The CVE concerns the WP Customer Area WordPress plugin (all versions up to 8.3.4). The vulnerability is due to insufficient file path validation in the ajax_attach_file function, allowing authenticated users with a role that can access admin features (e.g., Subscriber) to perform arbitrary file r...

8.8CVSS6.6AI score0.00382EPSS
Exploits0References11
ATTACKERKB
ATTACKERKBadded 2026/04/17 4:26 p.m.1 views

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00382EPSS
Exploits0References12
CNNVD
CNNVDadded 2026/04/17 12:0 a.m.2 views

WordPress plugin WP Customer Area 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8CVSS5.9AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 10:32 a.m.5 views

CVE-2017-18519

The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages...

6.1CVSS6AI score0.0021EPSS
Exploits0References1
Patchstack
Patchstackadded 2025/12/31 12:0 a.m.2 views

WordPress WP Customer Area plugin < 8.2.5 - Bulk Delete via CSRF vulnerability

Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Customer Area versions 8.2.5...

4.3CVSS5.9AI score0.00083EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVEadded 2025/11/07 5:33 p.m.1 views

CVE-2025-60201

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...

7.5CVSS5.8AI score0.00113EPSS
Exploits0References1
EUVD
EUVDadded 2025/11/06 6:32 p.m.1 views

EUVD-2025-38114

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.2.7...

7.5CVSS6.6AI score0.00113EPSS
Exploits0References2
NVD
NVDadded 2025/11/06 4:16 p.m.1 views

CVE-2025-60201

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...

7.5CVSS0.00113EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/11/06 3:55 p.m.1 views

CVE-2025-60201 WordPress WP Customer Area plugin <= 8.3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...

7.5CVSS5.3AI score0.00113EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/11/06 3:55 p.m.6 views

CVE-2025-60201 WordPress WP Customer Area plugin <= 8.3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...

7.5CVSS0.00113EPSS
Exploits0References1
CVE
CVEadded 2025/11/06 3:55 p.m.5 views

CVE-2025-60201

CVE-2025-60201 concerns an improper control of filenames for include/require in the WordPress plugin WP Customer Area (customer-area). Affected versions are reported as the plugin being affected up to version 8.2.7, with sources also noting a vulnerability path described as Local File Inclusion (...

7.5CVSS5.8AI score0.00113EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/11/06 12:0 a.m.2 views

PT-2025-45274

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.2.7...

7.5CVSS7.1AI score0.00113EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/11/06 12:0 a.m.1 views

WordPress plugin WP Customer Area 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.5CVSS6.7AI score0.00113EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2017-9635

Malware in sbrugna...

6.1CVSS6.3AI score0.0021EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2024-50855

Malicious code in bioql PyPI...

4.3CVSS8.7AI score0.00083EPSS
Exploits1References1
Rows per page
Query Builder