The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/9703f42e-bdfe-4787-92c9-47963d9af425 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 03:58
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2023-02-13 15:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-4745
Mitre link : CVE-2022-4745
CVE.ORG link : CVE-2022-4745
JSON object : View
Products Affected
wp-customerarea
- wp_customer_area
CWE
No CWE.