Vulnerabilities > Vanquish > Woocommerce Support Ticket System > 17.4

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-01	CVE-2024-13775	Missing Authorization vulnerability in Vanquish Woocommerce Support Ticket System The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. network low complexity vanquish CWE-862	5.4
2024-11-09	CVE-2024-10625	Path Traversal vulnerability in Vanquish Woocommerce Support Ticket System The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. network low complexity vanquish CWE-22 critical	9.1
2024-11-09	CVE-2024-10626	Path Traversal vulnerability in Vanquish Woocommerce Support Ticket System The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7. network low complexity vanquish CWE-22	8.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.