4 matches found
CVE-2024-13775
creationtimestamp| type| source ---|---|--- 2025-02-01 13:15:36+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lh4luad33y2t 2025-02-01 15:37:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lh4tsb5g6b2g 2025-02-01 16:16:52+00:00| seen|...
CVE-2024-13775
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajaxdeletemessage', 'ajaxgetcustomerspartiallist', and 'ajaxgetadminslist' functions in all versions up to, and including, 17.8. This makes it...
CVE-2024-13775 WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajaxdeletemessage', 'ajaxgetcustomerspartiallist', and 'ajaxgetadminslist' functions in all versions up to, and including, 17.8. This makes it...
CVE-2024-13775 WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajaxdeletemessage', 'ajaxgetcustomerspartiallist', and 'ajaxgetadminslist' functions in all versions up to, and including, 17.8. This makes it...