CVE-2024-10625

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Configurations

No configuration.

History

No history.

Information

Published : 2024-11-09 04:15

Updated : 2024-11-12 13:56


NVD link : CVE-2024-10625

Mitre link : CVE-2024-10625

CVE.ORG link : CVE-2024-10625


JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')