WP Customer Area — Vulnerabilities & Security Advisories 9

All 9 CVE vulnerabilities found in WP Customer Area, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3464	WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file CWE-22	8.8	High	2026-04-17
CVE-2025-60201	WordPress WP Customer Area plugin <= 8.3.5 - Local File Inclusion vulnerability CWE-98	7.5	High	2025-11-06
CVE-2025-49982	WordPress WP Customer Area plugin <= 8.3.5 - Broken Access Control vulnerability CWE-862	4.3	Medium	2025-06-20
CVE-2024-12436	WP Customer Area <= 8.2.4 - Bulk Delete via CSRF	8.1	-	2025-01-27
CVE-2024-12280	WP Customer Area <= 8.2.4 - Event Log Deletion via CSRF	4.3	-	2025-01-27
CVE-2024-0665	WP Customer Area <= 8.2.2 - Reflected Cross-Site Scripting CWE-79	6.1	Medium	2024-01-24
CVE-2023-6824	WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak	4.3	-	2024-01-16
CVE-2023-6741	WP Customer Area < 8.2.1 - Subscriber+ Account Address Update	4.3	-	2024-01-16
CVE-2022-4745	WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF	7.1	-	2023-02-13

All 9 known CVE vulnerabilities affecting WP Customer Area with full Chinese analysis, references, and POCs where available.