Vulnerabilities > CVE-2022-4745 - Unspecified vulnerability in Wp-Customerarea WP Customer Area

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
LOW
Availability impact
NONE
network
low complexity
wp-customerarea

Summary

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.

Vulnerable Configurations

Part Description Count
Application
Wp-Customerarea
1