VYPR
Unrated severityNVD Advisory· Published Feb 13, 2023· Updated Apr 3, 2025

WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF

CVE-2022-4745

Description

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.