CVE-2024-13775 | vanquish WooCommerce Support Ticket System Plugin up to 17.8 on WordPress authorization

Inserito da Angelo Barbosa | Feb 1, 2025 | CVE

A vulnerability, which was classified as critical, was found in vanquish WooCommerce Support Ticket System Plugin up to 17.8 on WordPress. This affects the function ajax_delete_message/ajax_get_customers_partial_list/ajax_get_admins_list. The manipulation leads to missing authorization.

This vulnerability is uniquely identified as CVE-2024-13775. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2024-13775 | vanquish WooCommerce Support Ticket System Plugin up to 17.8 on WordPress authorization

Post correlati

CVE-2024-7209 | NetWin/Bird Fastmail SPF Record authentication spoofing

CVE-2024-37294 | aimeos up to 2022.10.16/2023.10.16/2024.04.6 privilege context switching error (GHSA-xjm6-jfmg-qc6p)

CVE-2023-4223 | Chamilo LMS up to 1.11.24 document.ajax.php unrestricted upload

CVE-2024-32025 | bmaltais kohya_ss up to 23.1.4 group_images_gui.py command injection (GHSA-qprv-9pg5-h33c)