Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.4AI score0.00968EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/17 4:26 p.m.10 views

CVE-2026-3464 WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/04/17 4:26 p.m.26 views

CVE-2026-3464 WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS0.00968EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/04/17 4:26 p.m.4 views

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References12
Rows per page
Query Builder