WordPress Plugin Vulnerabilities

WP Customer Area <= 8.3.4 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
customer-area
No known fix

References

CVE
CVE-2025-49982
URL
https://patchstack.com/database/wordpress/plugin/customer-area/vulnerability/wordpress-wp-customer-area-plugin-8-2-5-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
domiee13
Verified
No
WPVDB ID
7d453de0-2008-49f7-9351-870d957395cd

Timeline

Publicly Published
2025-06-19 (about 10 months ago)
Added
2025-06-25 (about 10 months ago)
Last Updated
2026-02-05 (about 3 months ago)

Other

Published
Title
Published
2025-04-02
Title
Minimalistic Event Manager <= 1.1.1 - Missing Authorization
Published
2025-02-11
Title
The Ultimate WordPress Toolkit – WP Extended < 3.0.14 - Missing Authorization to Unauthenticated Post Order Manipulation
Published
2025-02-24
Title
WP-Asambleas <= 2.85.0 - Unauthenticated Arbitrary Shortcode Execution
Published
2025-08-27
Title
Xpro Theme Builder < 1.2.10 - Missing Authorization
Published
2026-03-01
Title
Make My Trivia <= 1.1.0 - Missing Authorization