Vulnerabilities and security researches forcustomer-area customer-area

Jun 07, 2024

CVE, Research URL: CVE-2022-4745
Home page URL: Security reports for WP Customer Area
Application: WP Customer Area
Date: Feb 13, 2023
Research Description: The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-6824
Home page URL: Security reports for WP Customer Area
Application: WP Customer Area
Date: Jan 16, 2024
Research Description: The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2017-18519
Home page URL: Security reports for WP Customer Area
Application: WP Customer Area
Date: Aug 20, 2019
Research Description: The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-0665
Home page URL: Security reports for WP Customer Area
Application: WP Customer Area
Date: Jan 24, 2024
Research Description: The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-6741
Home page URL: Security reports for WP Customer Area
Application: WP Customer Area
Date: Jan 16, 2024
Research Description: The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address.
Affected versions: Min -, max -.
Status: vulnerable

Jan 29, 2025

CVE, Research URL: CVE-2024-12436
Home page URL: Security reports for WP Customer Area
Application: WP Customer Area
Date: Jan 27, 2025
Research Description: The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-12280
Home page URL: Security reports for WP Customer Area
Application: WP Customer Area
Date: Jan 27, 2025
Research Description: The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack
Affected versions: Min -, max -.
Status: vulnerable

Jun 22, 2025

CVE, Research URL: CVE-2025-49982
Home page URL: Security reports for WP Customer Area
Application: WP Customer Area
Date: Jun 20, 2025
Research Description: Missing Authorization vulnerability in aguilatechnologies WP Customer Area allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Customer Area: from n/a through 8.2.5.
Affected versions: Min -, max -.
Status: vulnerable