CVE-2022-4745
WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Unknown · WP Customer Area¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →