CVE-2024-13775
- EPSS 0.12%
- Veröffentlicht 01.02.2025 13:15:22
- Zuletzt bearbeitet 24.02.2025 19:04:52
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in...
CVE-2024-10627
- EPSS 13.94%
- Veröffentlicht 09.11.2024 04:15:04
- Zuletzt bearbeitet 05.06.2025 16:59:15
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible ...
CVE-2024-10625
- EPSS 52.21%
- Veröffentlicht 09.11.2024 04:15:03
- Zuletzt bearbeitet 28.05.2025 20:49:53
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible...
CVE-2024-10626
- EPSS 27.39%
- Veröffentlicht 09.11.2024 04:15:03
- Zuletzt bearbeitet 28.05.2025 20:48:34
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for...