Platform
wordpress
Component
woocommerce-support-ticket-system
Fixed in
17.7.1
CVE-2024-10626 is an arbitrary file access vulnerability discovered in the WooCommerce Support Ticket System plugin for WordPress. This flaw allows authenticated attackers, even those with Subscriber-level access, to delete files on the server. The most severe impact arises from the potential to delete critical configuration files like wp-config.php, which could lead to remote code execution. This vulnerability affects versions of the plugin up to and including 17.7.
The core of the vulnerability lies in insufficient file path validation within the deleteuploadedfile() function. This oversight permits an authenticated attacker to manipulate file paths, effectively bypassing security checks and deleting files they shouldn't have access to. The most concerning scenario involves the deletion of wp-config.php, which contains sensitive database credentials and configuration settings. Successful deletion of this file would grant the attacker complete control over the WordPress site, enabling them to execute arbitrary code, steal data, and potentially pivot to other systems on the network. While the vulnerability requires authentication, the relatively low privilege level (Subscriber) significantly expands the potential attack surface.
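As an added illustration of the path-validation point above (example code written for this page, not the plugin's own deleteuploadedfile()): a deletion helper that canonicalises the requested path and confirms it resolves inside the upload directory, wired to a handler with a capability check so a Subscriber-level account never reaches the unlink. The hook name, nonce action and attachment subdirectory are assumptions.

```php
<?php
// Added example, not the plugin's code. $upload_root is the directory that
// may contain ticket attachments; $requested is the user-supplied file name.
function ticket_safe_delete_upload(string $upload_root, string $requested): bool
{
    // Accept only a bare file name: any directory separator or parent
    // reference in the input is rejected before touching the filesystem.
    $name = basename($requested);
    if ($name === '' || $name !== $requested || $name === '.' || $name === '..') {
        return false;
    }

    $root = realpath($upload_root);
    if ($root === false) {
        return false;
    }
    // realpath() resolves symlinks and "..", so the containment check below
    // runs on the canonical path the filesystem will actually operate on.
    $target = realpath($root . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return false;
    }
    if (strncmp($target, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return false; // resolved outside the upload root (e.g. via a symlink)
    }
    return unlink($target);
}

// AJAX wiring in the usual WordPress style. The hook name, nonce action and
// 'ticket-attachments' subdirectory are assumed for this example.
add_action('wp_ajax_ticket_delete_upload', function () {
    check_ajax_referer('ticket_delete_upload');
    // Deletion is limited to administrators; a Subscriber fails this check.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }
    $dir  = wp_upload_dir();
    $root = $dir['basedir'] . '/ticket-attachments';
    $ok   = ticket_safe_delete_upload($root, (string) ($_POST['file'] ?? ''));
    $ok ? wp_send_json_success() : wp_send_json_error('rejected', 400);
});
```

The realpath() step is what defeats both "../wp-config.php" style traversal and a symlink planted inside the upload directory that points at wp-config.php; checking the raw string alone would miss the second case.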
CVE-2024-10626 was publicly disclosed on November 9, 2024. While no active exploitation campaigns have been definitively confirmed, the ease of exploitation and the potential for remote code execution make it a high-priority vulnerability. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and the plugin's popularity.
WordPress websites utilizing the WooCommerce Support Ticket System plugin, particularly those with Subscriber-level users having excessive file system permissions, are at significant risk. Shared hosting environments where users have limited control over file system permissions are also particularly vulnerable.
• wordpress / composer / npm:
grep -r 'delete_uploaded_file' /var/www/html/wp-content/plugins/woocommerce-support-tickets/
• wordpress / composer / npm:
wp plugin list --status=inactive | grep woocommerce-support-tickets
• wordpress / composer / npm:
find /var/www/html/wp-content/uploads/ -type f -mtime +7 -print
Disclosure
Exploit status
EPSS
24.48% (96th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade the WooCommerce Support Ticket System plugin to a version that addresses this vulnerability. The vendor has released a patch, and applying it is the most effective way to eliminate the risk. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily restricting file upload permissions for users with Subscriber roles. Additionally, implement a Web Application Firewall (WAF) with rules to block suspicious file deletion requests targeting the plugin's endpoints. Regularly review WordPress file permissions to ensure they are as restrictive as possible. After upgrading, verify the fix by attempting to delete a non-critical file through the plugin's interface with a Subscriber-level user account; the deletion should be denied.
Update the WooCommerce Support Ticket System plugin to the latest available version. The vulnerability is present in versions prior to the most recent one. The update fixes the arbitrary file deletion vulnerability.
CVE-2024-10626 is a vulnerability allowing authenticated attackers to delete arbitrary files on a WordPress server running the WooCommerce Support Ticket System plugin, potentially leading to remote code execution.
You are affected if you are using the WooCommerce Support Ticket System plugin version 17.7 or earlier. Check your plugin version and upgrade as soon as a patch is available.
Upgrade the WooCommerce Support Ticket System plugin to a patched version. Until a patch is available, restrict file upload permissions and consider WAF rules.
There is currently no indication of active exploitation in the wild, but public PoCs are likely to emerge.
Refer to the WooCommerce website and WordPress security announcements for the official advisory when it is released.