CVE-2024-12280

Name of the Vulnerable Software and Affected Versions WP Customer Area versions 8.2.4 and earlier

Description The issue is related to the lack of CSRF check when deleting logs, which could allow attackers to delete them via a CSRF attack. This could potentially be exploited by making a logged-in user delete logs without their knowledge or consent.

Recommendations WP Customer Area version 8.2.4 and earlier: Update to a version that includes a CSRF check for log deletion to prevent unauthorized log deletion. As a temporary workaround, consider restricting access to log deletion functionality until a patch is available.