EUVD-2026-23448CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator grants access to (e.g., Subscriber) to to read the contents of arbitrary files on the server, which can contain sensitive information, or delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
AnalysisAI
Path traversal in WP Customer Area plugin through version 8.3.4 enables low-privileged authenticated users (Subscriber-level or higher, as configured by administrators) to read sensitive files like wp-config.php or delete critical WordPress files to achieve remote code execution. Wordfence reported this vulnerability affecting the ajax_attach_file function, which fails to properly validate file paths. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Audit all WordPress installations for WP Customer Area plugin presence and current version; disable the plugin immediately if version 8.3.4 or earlier is detected. Within 7 days: Check for vendor advisory updates and patch availability; if patch releases, apply vendor-released patch to WP Customer Area plugin across all instances. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today