CVE-2024-10627

Name of the Vulnerable Software and Affected Versions WooCommerce Support Ticket System plugin for WordPress versions up to, and including, 17.7

Description The issue is related to arbitrary file uploads due to missing file type validation in the ajax manage file chunk upload() function. This allows unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations Update to the latest version immediately to protect your site. As a temporary workaround, consider disabling the ajax manage file chunk upload() function until a patch is available. Restrict access to the vulnerable plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about other mitigation measures.