89 matches found
CVE-2026-7640
The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the customer-area-protected-content shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode...
EUVD-2026-43612
The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the customer-area-protected-content shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode...
CVE-2026-7640 WP Customer Area <= 8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'type' Shortcode Attribute
The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the customer-area-protected-content shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode...
CVE-2026-7640
The WP Customer Area WordPress plugin is vulnerable to Stored Cross-Site Scripting via the type attribute of the customer-area-protected-content shortcode in all versions up to 8.3.5, due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access...
WordPress WP Customer Area plugin <= 8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WP Customer Area versions = 8.3.5...
CVE-2026-42661
Custom role Path Traversal in WP Customer Area = 8.3.4 versions...
CVE-2026-42661
Affected software : WordPress WP Customer Area plugin
CVE-2026-42661 WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability
Custom role Path Traversal in WP Customer Area = 8.3.4 versions...
EUVD-2026-36826
Custom role Path Traversal in WP Customer Area = 8.3.4 versions...
PT-2026-49452
Custom role Path Traversal in WP Customer Area = 8.3.4 versions...
WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability
Path Traversal vulnerability discovered by iamlooper in WordPress Plugin WP Customer Area versions = 8.3.4...
WordPress WP Customer Area plugin <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file vulnerability
Authenticated Subscriber+ Arbitrary File Read/Deletion via ajaxattachfile vulnerability discovered by shark3y in WordPress Plugin WP Customer Area versions = 8.3.4...
EUVD-2026-23448
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
CVE-2026-3464
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
CVE-2026-3464
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
CVE-2026-3464
The CVE concerns the WP Customer Area WordPress plugin (all versions up to 8.3.4). The vulnerability is due to insufficient file path validation in the ajax_attach_file function, allowing authenticated users with a role that can access admin features (e.g., Subscriber) to perform arbitrary file r...
CVE-2026-3464 WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
WordPress plugin WP Customer Area 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2017-18519
The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages...
WordPress WP Customer Area plugin < 8.2.5 - Bulk Delete via CSRF vulnerability
Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Customer Area versions 8.2.5...