CVE-2025-49982 — Missing Authorization in WP Customer Area

CWE-862 — Missing Authorization CWE-416 — Use After Free4 documents4 sources

Severity

7.8HIGH

No vector

EPSS

0.1%

top 69.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aguilatechnologies WP Customer Area

Timeline

PublishedJun 20

Description

Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through <= 8.3.4.

Affected Packages1 packages

▶CVEListV5aguilatechnologies/wp_customer_area8.3.4

🔴Vulnerability Details

CVEList

WordPress WP Customer Area plugin <= 8.3.4 - Broken Access Control vulnerability↗2025-06-20

▶

GHSA

GHSA-w8c6-jhx2-568h: Missing Authorization vulnerability in aguilatechnologies WP Customer Area allows Exploiting Incorrectly Configured Access Control Security Levels↗2025-06-20

▶

📋Vendor Advisories

Microsoft

aoe: fix the potential use-after-free problem in more places↗2024-10-08

▶