CVE-2024-12280

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
27/01/2025
Last modified:
08/05/2025

Description

The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:marvinlabs:wp_customer_area:*:*:*:*:*:wordpress:*:* 8.2.4 (excluding)