Lucene search
+L

8 matches found

Cvelist
Cvelist
added 2026/03/25 4:15 p.m.26 views

CVE-2026-32522 WordPress WooCommerce Support Ticket System plugin < 18.5 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through 18.5...

8.6CVSS0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:13 a.m.10 views

CVE-2024-10626

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteuploadedfile function in all versions up to, and including, 17.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS7.7AI score0.00905EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/01 12:21 p.m.6 views

CVE-2024-13775 WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajaxdeletemessage', 'ajaxgetcustomerspartiallist', and 'ajaxgetadminslist' functions in all versions up to, and including, 17.8. This makes it...

5.4CVSS5.3AI score0.00229EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/09 3:18 a.m.13 views

CVE-2024-10625 WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary...

9.8CVSS8.2AI score0.00996EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/09 12:0 a.m.9 views

WordPress plugin WooCommerce Support Ticket System 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

9.8CVSS8.3AI score0.00996EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.16 views

WordPress WooCommerce Support Ticket System Plugin <= 17.7 is vulnerable to Arbitrary File Upload

Software WooCommerce Support Ticket System Type Plugin Vulnerable versions = 17.7 Fixed in 17.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-10627 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8e050fff0484 Credits Tonn Required privilege...

9.8CVSS7.2AI score0.00829EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.19 views

WordPress WooCommerce Support Ticket System Plugin <= 17.6 is vulnerable to Arbitrary File Deletion

Software WooCommerce Support Ticket System Type Plugin Vulnerable versions = 17.6 Fixed in 17.8 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-10625 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID b5c39d8368a0 Credits Tonn Required privile...

9.8CVSS6.8AI score0.00996EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.16 views

PT-2024-16419 · WordPress · Woocommerce Support Ticket System

Name of the Vulnerable Software and Affected Versions: WooCommerce Support Ticket System plugin for WordPress versions up to, and including, 17.7 Description: The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validati...

9.8CVSS8.3AI score0.00996EPSS
Exploits0References14
Rows per page
Query Builder