CVE-2022-4745
Severity
7.1 HIGH
EPSS
0.1%
top 75.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Feb 13
Description
The WP Customer Area WordPress plugin before 8.1.4 does not perform CSRF checks on some actions, such as chmod, mkdir and copy. This could allow attackers to make a logged-in admin perform those actions, for example creating arbitrary folders or copying files.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Exploitability: 2.8 | Impact: 4.2