WP Customer Area WordPress Plugin Cross-Site Request Forgery Vulnerability in Log Deletion

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the WP Customer Area WordPress plugin, affecting versions through 8.2.4. The vulnerability arises because the plugin does not implement CSRF protection when logs are deleted. Without that protection, an attacker could cause a logged-in user to delete logs without intending to.
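
The kind of check whose absence is described above, shown as an added example that is not WP Customer Area's own code: a hypothetical log-deletion handler guarded by a WordPress nonce. Every `example_` name, the `manage_options` capability and the option-based log store are assumptions made for illustration.

```php
<?php
// Added example, not WP Customer Area's code. Every "example_" name, the
// 'manage_options' capability and the option-based log store are assumptions.
const EXAMPLE_ACTION = 'example_delete_logs';

// Admin form: wp_nonce_field() embeds a token tied to this user and action.
function example_render_delete_logs_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EXAMPLE_ACTION ); ?>">
        <?php wp_nonce_field( EXAMPLE_ACTION, 'example_nonce' ); ?>
        <?php submit_button( 'Delete logs', 'delete' ); ?>
    </form>
    <?php
}

// Hypothetical storage routine: here the logs live in a single option.
function example_delete_all_logs() {
    return delete_option( 'example_logs' );
}

function example_handle_delete_logs() {
    // State-changing actions are accepted over POST only.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed.', '', array( 'response' => 405 ) );
    }
    // Authorization: the caller must be allowed to manage logs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // CSRF check: stops with a 403 unless the request carries a valid nonce
    // for this action. A handler without this line accepts forged requests.
    check_admin_referer( EXAMPLE_ACTION, 'example_nonce' );

    example_delete_all_logs();
    wp_safe_redirect( admin_url( 'admin.php?page=example-logs&deleted=1' ) );
    exit;
}
// admin-post.php dispatches action=example_delete_logs for logged-in users.
add_action( 'admin_post_' . EXAMPLE_ACTION, 'example_handle_delete_logs' );
```

The capability check and the nonce check answer different questions: the first asks whether this user may delete logs, the second whether this user actually issued the request.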

Impact

Exploitation of this vulnerability allows for unauthorized log deletion, potentially leading to loss of important event data.

Remediation

Users can update to WP Customer Area version 8.2.5 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 0.6
exploitability: 7.9
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.