We please your plugin to be updated with the latest security fix for this newly-found vulnerability:
Risks:
CVSS 7.5
This vulnerability is highly dangerous and expected to become mass exploited.
7.5
Local File Inclusion
This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could potentially allow complete database takeover depending on the configuration.
More info here: https://patchstack.com/database/wordpress/plugin/customer-area/vulnerability/wordpress-wp-customer-area-plugin-8-2-7-local-file-inclusion-vulnerability?_a_id=431
And here: https://cwe.mitre.org/data/definitions/98.html
https://www.cve.org/CVERecord?id=CVE-2025-60201
