4 matches found
CVE-2026-3464
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
CVE-2026-3464 WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
CVE-2026-3464 WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
CVE-2026-3464
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...