Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:32 a.m.13 views

CVE-2022-4745

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...

7.1CVSS7AI score0.00276EPSS
Exploits1References1
OSV
OSV
added 2023/02/13 3:15 p.m.3 views

CVE-2022-4745

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...

7.1CVSS5.9AI score0.00276EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/02/13 2:32 p.m.40 views

CVE-2022-4745 WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...

7.2AI score0.00276EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.12 views

CVE-2022-4745 WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...

7.2AI score0.00276EPSS
Exploits1References1
CVE
CVE
added 2023/02/13 2:32 p.m.29 views

CVE-2022-4745

The CVE-2022-4745 entry describes a CSRF weakness in the WP Customer Area WordPress plugin prior to version 8.1.4. The issue allows a logged-in attacker to trigger actions such as chmod, mkdir, and copy, potentially causing an admin to perform arbitrary folder creation or file copying. Public sou...

7.1CVSS7AI score0.00276EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2023/01/18 12:0 a.m.20 views

WordPress WP Customer Area Plugin < 8.1.4 is vulnerable to Remote Code Execution (RCE)

Software WP Customer Area Type Plugin Vulnerable versions 8.1.4 Fixed in 8.1.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2022-4745 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID fc8e26b37a92 Credits rezaduty Required privilege...

7.1CVSS7.3AI score0.00276EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder