VYPR

Customer Area

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-3464HigApr 17, 2026
    risk 0.50cvss 8.8epss 0.01

    The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role…

  • CVE-2025-60201HigNov 6, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through <= 8.3.5.

  • CVE-2025-49982MedJun 20, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through <= 8.3.4.