Unauthorized Access Vulnerability in WooCommerce Support Ticket System Plugin by WordPress
CVE-2024-13775

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: WooCommerce Support Ticket System
Vendor: CVE Published:; 1 February 2025

What is CVE-2024-13775?

The WooCommerce Support Ticket System plugin for WordPress is susceptible to unauthorized access due to inadequate capability checks on critical AJAX functions. This vulnerability could allow authenticated attackers, holding Subscriber-level access and above, to arbitrarily delete content and access sensitive information such as user names, emails, and capabilities. All versions up to and including 17.8 are affected, highlighting the need for immediate action to safeguard user data and maintain system integrity.

Affected Version(s)

WooCommerce Support Ticket System * <= 17.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/woocommerce-support-ticket-sy...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2025
Vulnerability Reserved
Jan 28, 2025

Credit

Lucio Sá