Unauthorized Access Vulnerability in WooCommerce Support Ticket System Plugin by WordPress
CVE-2024-13775
5.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 1 February 2025
What is CVE-2024-13775?
The WooCommerce Support Ticket System plugin for WordPress is susceptible to unauthorized access due to inadequate capability checks on critical AJAX functions. This vulnerability could allow authenticated attackers, holding Subscriber-level access and above, to arbitrarily delete content and access sensitive information such as user names, emails, and capabilities. All versions up to and including 17.8 are affected, highlighting the need for immediate action to safeguard user data and maintain system integrity.
Affected Version(s)
WooCommerce Support Ticket System * <= 17.8