The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
References
Link | Resource |
---|---|
https://codecanyon.net/item/woocommerce-support-ticket-system/17930050 | Product |
https://www.wordfence.com/threat-intel/vulnerabilities/id/ddf1cecd-c630-498d-9aa0-3d0adeb73033?source=cve | Third Party Advisory |
Configurations
History
28 May 2025, 20:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:vanquish:woocommerce_support_ticket_system:*:*:*:*:*:wordpress:*:* | |
First Time |
Vanquish woocommerce Support Ticket System
Vanquish |
|
References | () https://codecanyon.net/item/woocommerce-support-ticket-system/17930050 - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/ddf1cecd-c630-498d-9aa0-3d0adeb73033?source=cve - Third Party Advisory |
12 Nov 2024, 13:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Nov 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-09 04:15
Updated : 2025-05-28 20:49
NVD link : CVE-2024-10625
Mitre link : CVE-2024-10625
CVE.ORG link : CVE-2024-10625
JSON object : View
Products Affected
vanquish
- woocommerce_support_ticket_system
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')