Unauthorized Access to Restricted Directory via Path Traversal
CVE-2024-44011

7.5HIGH

Key Information:

Vendor: WordPress
Status: WP Ticket Ultra Help Desk & Support Plugin
Vendor: CVE Published:; 5 October 2024

Summary

The WP Ticket Ultra Help Desk & Support Plugin is exposed to a Path Traversal vulnerability that allows attackers to improperly access restricted directories on the server. This vulnerability enables PHP Local File Inclusion, which can lead to unauthorized file access and could potentially be exploited to execute arbitrary code. The issue affects all versions leading up to and including 1.0.5, leaving the server vulnerable to malicious exploitation.

Affected Version(s)

WP Ticket Ultra Help Desk & Support Plugin <= 1.0.5

References

https://patchstack.com/database/vulnerability/wp-ticket-u...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2024
Vulnerability Reserved
Aug 18, 2024

Credit

tahu.datar (Patchstack Alliance)