CVE-2026-3464
WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator grants access to (e.g., Subscriber) to to read the contents of arbitrary files on the server, which can contain sensitive information, or delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
| CWE | CWE-22 |
| Vendor | aguilatechnologies |
| Product | wp customer area |
| Published | Apr 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for aguilatechnologies wp customer area
Be the first to know when new high vulnerabilities affecting aguilatechnologies wp customer area are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
aguilatechnologies / WP Customer Area
0 โค 8.3.4
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/aadf1f4c-c852-4167-9b09-7e679a953725?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3507868/customer-area plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L844 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L883 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L920 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L404 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L422 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L428 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/js/common/files/file-attachment-manager.js#L170 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/js/common/files/ftp-uploader.js#L63 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/templates/private-attachments-add-ftp-folder-frontend.template.php#L17
Credits
Angus Girvan