Lucene search
K

43 matches found

CVE
CVE
added 2026/06/15 8:18 p.m.17 views

CVE-2026-42661

Affected software : WordPress WP Customer Area plugin

8.8CVSS5.2AI score0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.27 views

CVE-2026-42661 WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS0.00371EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/17 6:31 p.m.8 views

EUVD-2026-23448

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS6.6AI score0.00968EPSS
Exploits0References12
NVD
NVD
added 2026/04/17 5:17 p.m.7 views

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

8.8CVSS0.00968EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.4 views

CVE-2025-60201

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...

7.5CVSS5.8AI score0.0042EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 4:16 p.m.4 views

CVE-2025-60201

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...

7.5CVSS0.0042EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-18769

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00222EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-50855

Malicious code in bioql PyPI...

4.3CVSS8.7AI score0.00212EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-16457

Malicious code in bioql PyPI...

6.1CVSS7AI score0.00471EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/23 8:40 a.m.8 views

CVE-2025-49982

Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through = 8.3.5...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2025/06/20 3:15 p.m.4 views

CVE-2025-49982

Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through = 8.3.4...

4.3CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2025/06/20 3:4 p.m.17 views

CVE-2025-49982

CVE-2025-49982 concerns the WordPress plugin WP Customer Area (aguilatechnologies) with a missing/incorrect authorization issue leading to broken access control in versions up to 8.2.5. The vulnerability’s impact is described as unauthorized access due to misconfigured access control levels. Publ...

4.3CVSS5.1AI score0.00222EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/06/20 3:4 p.m.6 views

CVE-2025-49982

Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through = 8.3.4...

4.3CVSS5.1AI score0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.5 views

PT-2025-26350 · WordPress · Wp Customer Area

Name of the Vulnerable Software and Affected Versions: WP Customer Area versions 8.2.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WP Customer Area...

4.3CVSS6.3AI score0.00222EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:26 a.m.18 views

CVE-2024-0665

The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.4AI score0.00471EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:9 a.m.7 views

CVE-2024-12436

The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS6.8AI score0.00212EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.11 views

CVE-2023-6824

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address...

6.5CVSS6.7AI score0.00483EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.14 views

CVE-2023-6741

The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address...

4.3CVSS6.7AI score0.00394EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 12:32 a.m.11 views

CVE-2022-4745

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...

7.1CVSS7AI score0.00276EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/01/27 11:18 p.m.6 views

WordPress WP Customer Area plugin < 8.2.5 - Event Log Deletion via CSRF vulnerability

Event Log Deletion via CSRF vulnerability discovered by Krugov Artyom in WordPress Plugin WP Customer Area versions 8.2.5...

4.3CVSS7AI score0.00196EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder