Filtered by vendor Support Ticket System Project
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-7670 1 Support Ticket System Project 1 Support Ticket System 2024-11-21 N/A
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter.
CVE-2024-10625 1 Support Ticket System Project 1 Support Ticket System 2024-11-12 9.8 Critical
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVE-2024-10627 1 Support Ticket System Project 1 Support Ticket System 2024-11-12 9.8 Critical
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-10626 1 Support Ticket System Project 1 Support Ticket System 2024-11-12 8.8 High
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).