WordPress wp-ticketbai Plugin Vulnerabilities: CSRF, Arbitrary File Deletion, Path Traversal

Critical Vulnerability Information 1. Missing Nonce Validation In the file, the AJAX request for deleting a PDF does not include the parameter. This could lead to Cross-Site Request Forgery (CSRF) attacks, as the request lacks proper validation. 2. Unsafe File Deletion Operation In the file, the operation to delete a PDF file lacks sufficient security checks. This may result in an arbitrary file deletion vulnerability, allowing attackers to delete any file on the server. 3. Insufficient Permission Checks The PDF deletion operation only verifies whether the user is logged in, without further checking if the user has the necessary permissions to perform the action. This could lead to privilege escalation vulnerabilities, enabling regular users to perform actions requiring administrative privileges. 4. Path Traversal Risk When handling file paths, there is no strict path validation or normalization for the variable. This may result in a path traversal vulnerability, allowing attackers to construct malicious file paths to access or delete arbitrary files. Summary This plugin contains multiple security vulnerabilities, including CSRF, arbitrary file deletion, insufficient permission checks, and path traversal risks. Developers are advised to address these issues promptly to prevent potential security threats.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress wp-ticketbai Plugin Vulnerabilities: CSRF, Arbitrary File Deletion, Path Traversal