CVE-2026-3464
Received Received - Intake
Arbitrary File Read/Delete in WP Customer Area Plugin Enables RCE

Publication date: 2026-04-17

Last updated on: 2026-04-17

Assigner: Wordfence

Description
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator grants access to (e.g., Subscriber) to to read the contents of arbitrary files on the server, which can contain sensitive information, or delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-17
Generated
2026-05-07
AI Q&A
2026-04-17
EPSS Evaluated
2026-05-05
NVD
CVE-2026-3464
EUVD
EUVD-2026-23448
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wp_customer_area wp_customer_area to 8.3.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

This vulnerability can have serious impacts including unauthorized disclosure of sensitive information by reading arbitrary files on the server.

It also allows deletion of arbitrary files, which can disrupt website functionality or enable remote code execution if critical files are deleted.

Overall, it compromises the confidentiality, integrity, and availability of the affected WordPress site.


Can you explain this vulnerability to me?

The WP Customer Area plugin for WordPress has a vulnerability in its 'ajax_attach_file' function due to insufficient file path validation. This flaw exists in all versions up to and including 8.3.4.

Because of this, authenticated users with roles granted access by an administrator (such as Subscribers) can exploit this vulnerability to read or delete arbitrary files on the server.

Reading arbitrary files can expose sensitive information, while deleting certain files (like wp-config.php) can lead to remote code execution.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows authenticated attackers to read and delete arbitrary files on the server, potentially exposing sensitive information stored in those files.

Exposure or deletion of sensitive data can lead to violations of data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive information.

Therefore, this vulnerability can negatively impact compliance with these standards by risking unauthorized access to or loss of protected data.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart