Overview
- Description: The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- security@wordfence.com: CWE-434
Social media
- Hype score: Not currently trending
CVE-2024-10627 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file t..https://t.co/nAeSXMWsNK #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Nov 2024
[CVE-2024-10627: CRITICAL] WordPress WooCommerce Support Ticket System plugin up to version 17.7 is at risk with arbitrary file uploads. Unauthenticated attackers can exploit this vulnerability for remote code ex...#cybersecurity,#vulnerability https://t.co/HbY5hQ63eF https://t.c
@CveFindCom
9 Nov 2024
CVE-2024-10627 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_u… https://t.co/is0mEEFMF5
@CVEnew
9 Nov 2024