43 matches found
CVE-2026-42661
Affected software : WordPress WP Customer Area plugin
CVE-2026-42661 WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability
Custom role Path Traversal in WP Customer Area = 8.3.4 versions...
EUVD-2026-23448
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
CVE-2026-3464
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
CVE-2025-60201
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...
CVE-2025-60201
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through = 8.3.5...
EUVD-2025-18769
Malicious code in bioql PyPI...
EUVD-2024-50855
Malicious code in bioql PyPI...
EUVD-2024-16457
Malicious code in bioql PyPI...
CVE-2025-49982
Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through = 8.3.5...
CVE-2025-49982
Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through = 8.3.4...
CVE-2025-49982
CVE-2025-49982 concerns the WordPress plugin WP Customer Area (aguilatechnologies) with a missing/incorrect authorization issue leading to broken access control in versions up to 8.2.5. The vulnerability’s impact is described as unauthorized access due to misconfigured access control levels. Publ...
CVE-2025-49982
Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through = 8.3.4...
PT-2025-26350 · WordPress · Wp Customer Area
Name of the Vulnerable Software and Affected Versions: WP Customer Area versions 8.2.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WP Customer Area...
CVE-2024-0665
The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-12436
The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2023-6824
The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address...
CVE-2023-6741
The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address...
CVE-2022-4745
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...
WordPress WP Customer Area plugin < 8.2.5 - Event Log Deletion via CSRF vulnerability
Event Log Deletion via CSRF vulnerability discovered by Krugov Artyom in WordPress Plugin WP Customer Area versions 8.2.5...