CVE Vulnerabilities

CVE-2022-4745

Published: Feb 13, 2023 | Modified: Nov 21, 2024
CVSS 3.x
7.1
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.

Affected Software

Name Vendor Start Version End Version
Wp_customer_area Wp-customerarea * 8.1.4 (excluding)

References