What the vulnerability does
01Description
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
Explanation of Vulnerability in Simple Terms
WP Customer Area versions up to 8.3.4 contain a vulnerability that allows authenticated users with low privileges to read sensitive data, modify site content, and disrupt service. The vulnerability requires a valid user account but no additional user interaction. Site administrators should update to a version newer than 8.3.4 immediately.
What an attacker can do
Read sensitive data, modify content, and disrupt site availability with a low-privilege user account.
Potential impact on your site
Any registered user can access confidential information, alter site data, or cause downtime.
Conditions required to exploit
Attacker must have a valid low-privilege user account; no user interaction required.
Key dates
External resources
Related vulnerabilities