CVE-2022-4745
WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Unknown · WP Customer AreaWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →