Vulnerabilities > CVE-2022-4745 - Unspecified vulnerability in Wp-Customerarea WP Customer Area

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wp-customerarea

NVD

Published: 2023-02-13

Updated: 2023-11-07

Summary

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.

Vulnerable Configurations

Part	Description	Count
Application	Wp-Customerarea WP Customerarea WP Customer Area *	1

References

https://wpscan.com/vulnerability/9703f42e-bdfe-4787-92c9-47963d9af425