Vulnerabilities > Vanquish

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-01	CVE-2024-13775	Missing Authorization vulnerability in Vanquish Woocommerce Support Ticket System The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. network low complexity vanquish CWE-862	5.4
2025-02-01	CVE-2024-13343	Missing Authorization vulnerability in Vanquish Woocommerce Customers Manager The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. network low complexity vanquish CWE-862	8.8
2024-11-13	CVE-2024-10820	Unspecified vulnerability in Vanquish Woocommerce Upload Files The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. network low complexity vanquish critical	9.8
2021-04-05	CVE-2021-24171	Unrestricted Upload of File with Dangerous Type vulnerability in Vanquish Woocommerce Upload Files The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. network low complexity vanquish CWE-434 critical	9.8

Vulnerabilities > Vanquish {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Vanquish"}]}