8 matches found
CVE-2026-32522 WordPress WooCommerce Support Ticket System plugin < 18.5 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through 18.5...
CVE-2024-10626
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteuploadedfile function in all versions up to, and including, 17.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-13775 WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajaxdeletemessage', 'ajaxgetcustomerspartiallist', and 'ajaxgetadminslist' functions in all versions up to, and including, 17.8. This makes it...
CVE-2024-10625 WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary...
WordPress plugin WooCommerce Support Ticket System 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...
WordPress WooCommerce Support Ticket System Plugin <= 17.7 is vulnerable to Arbitrary File Upload
Software WooCommerce Support Ticket System Type Plugin Vulnerable versions = 17.7 Fixed in 17.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-10627 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8e050fff0484 Credits Tonn Required privilege...
WordPress WooCommerce Support Ticket System Plugin <= 17.6 is vulnerable to Arbitrary File Deletion
Software WooCommerce Support Ticket System Type Plugin Vulnerable versions = 17.6 Fixed in 17.8 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-10625 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID b5c39d8368a0 Credits Tonn Required privile...
PT-2024-16419 · WordPress · Woocommerce Support Ticket System
Name of the Vulnerable Software and Affected Versions: WooCommerce Support Ticket System plugin for WordPress versions up to, and including, 17.7 Description: The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validati...