CVE-2026-32522 WordPress WooCommerce Support Ticket System plugin < 18.5 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through 18.5...

PT-2026-23251

Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Order Details: from n/a through = 3.1...

CVE-2025-69379

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

CVE-2025-69380

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

CVE-2025-69376

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through = 17.0...

CVE-2025-69376

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through = 17.0...

CVE-2025-69379

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

PT-2026-21162

Name of the Vulnerable Software and Affected Versions vanquish WooCommerce Bulk Product Editor versions through 3.0 Description The WooCommerce Bulk Product Editor, specifically the woocommerce-quick-product-editor component, exhibits a missing authorization issue. This flaw stems from incorrectl...

PT-2026-21161

Name of the Vulnerable Software and Affected Versions vanquish Upload Files Anywhere versions prior to 2.9 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as a Path Traversal issue. This impacts the Upload Files Anywhere...

PT-2026-21158

Name of the Vulnerable Software and Affected Versions vanquish User Extra Fields wp-user-extra-fields versions through 17.0 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as Path Traversal. This allows unauthorized acces...

PT-2026-21059

Name of the Vulnerable Software and Affected Versions vanquish User Extra Fields wp-user-extra-fields versions through 16.8 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS condition. This allows for...

CVE-2025-22713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows SQL Injection.This issue affects WooCommerce Orders & Customers Exporter: from n/a through = 5.4...

CVE-2025-67579

Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through = 16.8...