6 matches found
CVE-2022-4745
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...
CVE-2022-4745
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...
CVE-2022-4745 WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...
CVE-2022-4745 WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...
CVE-2022-4745
The CVE-2022-4745 entry describes a CSRF weakness in the WP Customer Area WordPress plugin prior to version 8.1.4. The issue allows a logged-in attacker to trigger actions such as chmod, mkdir, and copy, potentially causing an admin to perform arbitrary folder creation or file copying. Public sou...
WordPress WP Customer Area Plugin < 8.1.4 is vulnerable to Remote Code Execution (RCE)
Software WP Customer Area Type Plugin Vulnerable versions 8.1.4 Fixed in 8.1.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2022-4745 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID fc8e26b37a92 Credits rezaduty Required privilege...