Woocommerce Support Ticket System
Approved changes feed: RSS · Atom
cpe:2.3:a:vanquish:woocommerce_support_ticket_system:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Vanquish (8620c3b2-dad5-5ecd-8e4b-640ea6b8f386) |
|---|---|
| Product | Woocommerce Support Ticket System (6479eefd-3d8b-5c46-a5e8-3d1bbb9ea68f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-13775 |
vulnerable | 2026-06-08 06:25:38.486288 |
WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure
MEDIUM (5.4)
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts, and read names, emails, and capabilities of all users.
Published: 2025-02-01T12:21:31.365Z
Updated: 2026-04-08T17:00:50.895Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10627 |
vulnerable | 2026-06-08 06:23:47.110911 |
WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Upload
CRITICAL (9.8)
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2024-11-09T03:30:47.479Z
Updated: 2026-04-08T16:38:08.558Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10626 |
vulnerable | 2026-06-08 06:23:47.110301 |
WooCommerce Support Ticket System <= 17.7 - Authenticated (Subscriber+) Arbitrary File Deletion
HIGH (8.8)
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Published: 2024-11-09T03:18:15.453Z
Updated: 2026-04-08T17:31:48.371Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10625 |
vulnerable | 2026-06-08 06:23:47.109703 |
WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion
CRITICAL (9.8)
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Published: 2024-11-09T03:18:14.929Z
Updated: 2026-04-08T17:28:12.059Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.