WooCommerce Support Ticket System CVE-2024-10625 Unauthenticated Arbitrary File Deletion

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Name: WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion 2. Description: This vulnerability arises from insufficient validation in the function across all versions up to 17.7 of the WooCommerce Support Ticket System plugin, allowing unauthorized file deletion. This enables unauthenticated attackers to delete any file on the server, including , potentially leading to remote code execution. 3. CVSS Score: 9.8 (Critical) 4. Public Release Date: November 8, 2024 5. Update Date: November 9, 2024 6. Researcher: Tonn 7. Fix Status: Fixed 8. Affected Versions: <= 17.6 9. Fixed Version: 17.8 10. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 11. CVE ID: CVE-2024-10625 12. CVSS Score: 9.8 (Critical) 13. Public Release Date: November 8, 2024 14. Update Date: November 9, 2024 15. Researcher: Tonn 16. Fix Status: Fixed 17. Affected Versions: <= 17.6 18. Fixed Version: 17.8 19. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 20. CVE ID: CVE-2024-10625 21. CVSS Score: 9.8 (Critical) 22. Public Release Date: November 8, 2024 23. Update Date: November 9, 2024 24. Researcher: Tonn 25. Fix Status: Fixed 26. Affected Versions: <= 17.6 27. Fixed Version: 17.8 28. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 29. CVE ID: CVE-2024-10625 30. CVSS Score: 9.8 (Critical) 31. Public Release Date: November 8, 2024 32. Update Date: November 9, 2024 33. Researcher: Tonn 34. Fix Status: Fixed 35. Affected Versions: <= 17.6 36. Fixed Version: 17.8 37. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 38. CVE ID: CVE-2024-10625 39. CVSS Score: 9.8 (Critical) 40. Public Release Date: November 8, 2024 41. Update Date: November 9, 2024 42. Researcher: Tonn 43. Fix Status: Fixed 44. Affected Versions: <= 17.6 45. Fixed Version: 17.8 46. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 47. CVE ID: CVE-2024-10625 48. CVSS Score: 9.8 (Critical) 49. Public Release Date: November 8, 2024 50. Update Date: November 9, 2024 51. Researcher: Tonn 52. Fix Status: Fixed 53. Affected Versions: <= 17.6 54. Fixed Version: 17.8 55. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 56. CVE ID: CVE-2024-10625 57. CVSS Score: 9.8 (Critical) 58. Public Release Date: November 8, 2024 59. Update Date: November 9, 2024 60. Researcher: Tonn 61. Fix Status: Fixed 62. Affected Versions: <= 17.6 63. Fixed Version: 17.8 64. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 65. CVE ID: CVE-2024-10625 66. CVSS Score: 9.8 (Critical) 67. Public Release Date: November 8, 2024 68. Update Date: November 9, 2024 69. Researcher: Tonn 70. Fix Status: Fixed 71. Affected Versions: <= 17.6 72. Fixed Version: 17.8 73. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 74. CVE ID: CVE-2024-10625 75. CVSS Score: 9.8 (Critical) 76. Public Release Date: November 8, 2024 77. Update Date: November 9, 2024 78. Researcher: Tonn 79. Fix Status: Fixed 80. Affected Versions: <= 17.6 81. Fixed Version: 17.8 82. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 83. CVE ID: CVE-2024-10625 84. CVSS Score: 9.8 (Critical) 85. Public Release Date: November 8, 2024 86. Update Date: November 9, 2024 87. Researcher: Tonn 88. Fix Status: Fixed 89. Affected Versions: <= 17.6 90. Fixed Version: 17.8 91. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 92. CVE ID: CVE-2024-10625 93. CVSS Score: 9.8 (Critical) 94. Public Release Date: November 8, 2024 95. Update Date: November 9, 2024 96. Researcher: Tonn 97. Fix Status: Fixed 98. Affected Versions: <= 17.6 99. Fixed Version: 17.8 100. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 101. CVE ID: CVE-2024-10625 102. CVSS Score: 9.8 (Critical) 103. Public Release Date: November 8, 2024 104. Update Date: November 9, 2024 105. Researcher: Tonn 106. Fix Status: Fixed 107. Affected Versions: <= 17.6 108. Fixed Version: 17.8 109. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 110. CVE ID: CVE-2024-10625 111. CVSS Score: 9.8 (Critical) 112. Public Release Date: November 8, 2024 113. Update Date: November 9, 2024 114. Researcher: Tonn 115. Fix Status: Fixed 116. Affected Versions: <= 17.6 117. Fixed Version: 17.8 118. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 119. CVE ID: CVE-2024-10625

Goal Reached Thanks to every supporter — we hit 100%!

WooCommerce Support Ticket System CVE-2024-10625 Unauthenticated Arbitrary File Deletion

More from this source