Lack of CSRF Checks in WP Customer Area Plugin Allows Arbitrary File Manipulation

Lack of CSRF Checks in WP Customer Area Plugin Allows Arbitrary File Manipulation

CVE-2022-4745 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.

Learn more about our Wordpress Pen Testing.