WordPress WP Customer Area plugin <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file vulnerability

Authenticated Subscriber+ Arbitrary File Read/Deletion via ajaxattachfile vulnerability discovered by shark3y in WordPress Plugin WP Customer Area versions = 8.3.4...

WordPress plugin WP Customer Area 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2017-18519

The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages...

CVE-2025-60201 WordPress WP Customer Area plugin <= 8.3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...

CVE-2025-60201

CVE-2025-60201 concerns an improper control of filenames for include/require in the WordPress plugin WP Customer Area (customer-area). Affected versions are reported as the plugin being affected up to version 8.2.7, with sources also noting a vulnerability path described as Local File Inclusion (...

EUVD-2017-9635

Malware in sbrugna...

CVE-2024-0665

The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

Cross site scripting

The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

PT-2024-15071 · WordPress · Wp Customer Area

Name of the Vulnerable Software and Affected Versions: WP Customer Area WordPress plugin versions prior to 8.2.1 Description: The issue arises from the plugin not properly validating users' capabilities in some of its AJAX actions. This allows malicious users to edit other users' account addresse...

WordPress WP Customer Area Plugin < 8.1.4 is vulnerable to Remote Code Execution (RCE)

Software WP Customer Area Type Plugin Vulnerable versions 8.1.4 Fixed in 8.1.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2022-4745 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID fc8e26b37a92 Credits rezaduty Required privilege...

CVE-2017-18519

The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages...

CVE-2017-18519

The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages...

CVE-2017-18519

The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages...

CVE-2017-18519

CVE-2017-18519 affects the WordPress plugin customer-area prior to version 7.4.3, with XSS via admin pages. Root cause: improper sanitization in admin interfaces. Impact: XSS could be triggered from the admin area; remediation: upgrade to 7.4.3 or later.

WordPress WP Customer Area Plugin <= 7.4.2 - Reflected Cross Site Scripting vulnerability

The value of $REQUEST‘page’ parameter is not escaped in the template files - /src/php/core-addons/admin-area/templates/. This allows an attacker to execute a reflected cross site scripting attack. The vulnerability was fixed in version 7.4.3. Solution Update the plugin...