Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

84 matches found

NVD
NVDadded 2026/06/15 9:16 p.m.6 views

CVE-2026-42661

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS0.00371EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/15 8:18 p.m.6 views

EUVD-2026-36826

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS5.2AI score0.00371EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/15 8:18 p.m.26 views

CVE-2026-42661 WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS0.00371EPSS
Exploits0References1
CVE
CVEadded 2026/06/15 8:18 p.m.13 views

CVE-2026-42661

Affected software : WordPress WP Customer Area plugin

8.8CVSS5.2AI score0.00371EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/15 12:0 a.m.7 views

PT-2026-49452

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS5.2AI score0.00371EPSS
Exploits0References2
Patchstack
Patchstackadded 2026/05/01 4:54 p.m.4 views

WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Path Traversal vulnerability discovered by iamlooper in WordPress Plugin WP Customer Area versions = 8.3.4...

5.8AI score0.00371EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/20 9:6 a.m.4 views

WordPress WP Customer Area plugin <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file vulnerability

Authenticated Subscriber+ Arbitrary File Read/Deletion via ajaxattachfile vulnerability discovered by shark3y in WordPress Plugin WP Customer Area versions = 8.3.4...

8.8CVSS5.8AI score0.00968EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/04/17 6:31 p.m.6 views

EUVD-2026-23448

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References12
NVD
NVDadded 2026/04/17 5:17 p.m.5 views

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS0.00968EPSS
Exploits0References11
CVE
CVEadded 2026/04/17 4:26 p.m.10 views

CVE-2026-3464

The CVE concerns the WP Customer Area WordPress plugin (all versions up to 8.3.4). The vulnerability is due to insufficient file path validation in the ajax_attach_file function, allowing authenticated users with a role that can access admin features (e.g., Subscriber) to perform arbitrary file r...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References11
ATTACKERKB
ATTACKERKBadded 2026/04/17 4:26 p.m.3 views

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References12
Vulnrichment
Vulnrichmentadded 2026/04/17 4:26 p.m.7 views

CVE-2026-3464 WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References11
CNNVD
CNNVDadded 2026/04/17 12:0 a.m.8 views

WordPress plugin WP Customer Area 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8CVSS5.9AI score0.00968EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 10:32 a.m.7 views

CVE-2017-18519

The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages...

6.1CVSS6AI score0.00905EPSS
Exploits0References1
Patchstack
Patchstackadded 2025/12/31 12:0 a.m.6 views

WordPress WP Customer Area plugin < 8.2.5 - Bulk Delete via CSRF vulnerability

Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Customer Area versions 8.2.5...

4.3CVSS5.9AI score0.00203EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVEadded 2025/11/07 5:33 p.m.3 views

CVE-2025-60201

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...

7.5CVSS5.8AI score0.00362EPSS
Exploits0References1
EUVD
EUVDadded 2025/11/06 6:32 p.m.3 views

EUVD-2025-38114

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.2.7...

7.5CVSS6.6AI score0.00362EPSS
Exploits0References2
NVD
NVDadded 2025/11/06 4:16 p.m.4 views

CVE-2025-60201

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...

7.5CVSS0.00362EPSS
Exploits0References1
CVE
CVEadded 2025/11/06 3:55 p.m.11 views

CVE-2025-60201

CVE-2025-60201 concerns an improper control of filenames for include/require in the WordPress plugin WP Customer Area (customer-area). Affected versions are reported as the plugin being affected up to version 8.2.7, with sources also noting a vulnerability path described as Local File Inclusion (...

7.5CVSS5.8AI score0.00362EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/11/06 3:55 p.m.9 views

CVE-2025-60201 WordPress WP Customer Area plugin <= 8.3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...

7.5CVSS0.00362EPSS
Exploits0References1
Rows per page
Query Builder