Marvinlabs Wp Customer Area — known CVE vulnerabilities
Every CVE whose affected-product data names Marvinlabs Wp Customer Area, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-6824 — CVSS 6.5 (medium): The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any…
CVE-2024-0665 — CVSS 6.1 (medium): The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to…
CVE-2023-6741 — CVSS 4.3 (medium): The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing…
CVE-2024-12280 — CVSS 4.3 (medium): The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers…
CVE-2024-12436 — CVSS 4.3 (medium): The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in…