Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-10625
CVE-2024-10625:
WordPress vulnerability analysis and mitigation
Overview
The WooCommerce Support Ticket System plugin for WordPress contains a critical vulnerability (CVE-2024-10625) discovered on November 8, 2024. The vulnerability affects all versions up to and including 17.7. This security flaw exists in the deletetmpuploaded_file() function, which lacks proper file path validation (NVD).
Technical details
The vulnerability is classified as a Path Traversal issue (CWE-22) that allows for improper limitation of a pathname to a restricted directory. The severity is rated as Critical with a CVSS v3.1 Base Score of 9.8 (CRITICAL) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating the highest level of severity (NVD).
Impact
The vulnerability enables unauthenticated attackers to delete arbitrary files on the server. This capability is particularly dangerous as it can lead to remote code execution when critical files, such as wp-config.php, are targeted for deletion (NVD).
Mitigation and workarounds
Users should immediately update their WooCommerce Support Ticket System plugin to a version newer than 17.7. The vulnerability has been addressed in subsequent releases (Wordfence).
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management