CVE-2024-13775

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 1, 2025
CWE ID 862

Summary

CVE-2024-13775 is a vulnerability affecting the WooCommerce Support Ticket System plugin for WordPress. The flaw, present in all versions up to 17.8, allows authenticated attackers with Subscriber-level access or above to delete arbitrary posts and access sensitive user information. The vulnerability stems from missing capability checks on the functions 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list'. As a result, attackers can delete messages and read user names, emails, and capabilities, posing a significant risk of data loss and unauthorized access.
