Path Traversal Vulnerability in WooCommerce Support Ticket System by Vanquish
CVE-2026-32522

8.6HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
25 March 2026

What is CVE-2026-32522?

A path traversal vulnerability in the WooCommerce Support Ticket System allows attackers to manipulate pathname variables. This can enable unauthorized access to files outside the intended directory, exposing sensitive information or possibly leading to arbitrary file deletion. The issue affects versions prior to 18.5, and users are advised to update to ensure the security of their systems.

Affected Version(s)

WooCommerce Support Ticket System <= n/a

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO | Patchstack Bug Bounty Program
.