CVE-2026-3464 - Vulnerability Analysis

Overview

WP Customer Area plugin for WordPress <= 8.3.4 contains a path traversal vulnerability caused by insufficient file path validation in the 'ajax_attach_file' function, letting authenticated attackers with granted roles read or delete arbitrary files on the server.

Severity & Score

Impact

Authenticated attackers can read sensitive files or delete critical files, potentially leading to remote code execution.

Mitigation

Update to the latest version beyond 8.3.4.

References

• https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L920
• https://plugins.trac.wordpress.org/changeset/3507868/customer-area
• https://www.wordfence.com/threat-intel/vulnerabilities/id/aadf1f4c-c852-4167-9b09-7e679a953725?source=cve
• https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/js/common/files/ftp-uploader.js#L63
• https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L844
• https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L404
• https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L422
• https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L428
• https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/templates/private-attachments-add-ftp-folder-frontend.template.php#L17
• https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/js/common/files/file-attachment-manager.js#L170
• https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L883

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner