Overview
- Description: The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- security@wordfence.com: CWE-22
Social media
- Hype score: Not currently trending
CVE-2024-10625 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient ..https://t.co/1oW1GTwyZm #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Nov 2024
CVE-2024-10625 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploade… https://t.co/ZlsTXptzyG
@CVEnew
9 Nov 2024
[CVE-2024-10625: CRITICAL] WordPress WooCommerce Support Ticket System plugin <= 17.7 has a severe vulnerability, allowing unauthenticated attackers to delete files on the server, risking remote code execution.#cybersecurity,#vulnerability https://t.co/9latA2zFTd https://t.co/
@CveFindCom
9 Nov 2024