CVE-2024-13775
- EPSS 0.12%
- Veröffentlicht 01.02.2025 13:15:22
- Zuletzt bearbeitet 24.02.2025 19:04:52
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in...
CVE-2024-10627
- EPSS 8.75%
- Veröffentlicht 09.11.2024 04:15:04
- Zuletzt bearbeitet 05.06.2025 16:59:15
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible ...
CVE-2024-10625
- EPSS 40.62%
- Veröffentlicht 09.11.2024 04:15:03
- Zuletzt bearbeitet 28.05.2025 20:49:53
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible...
CVE-2024-10626
- EPSS 24.48%
- Veröffentlicht 09.11.2024 04:15:03
- Zuletzt bearbeitet 28.05.2025 20:48:34
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for...