CVE-2024-10625
📋 TL;DR
The WooCommerce Support Ticket System WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any file on the server. All versions up to and including 17.7 are affected, and deleting a critical file such as wp-config.php can lead to complete site compromise. Any WordPress site running an affected version of this plugin is vulnerable.
💻 Affected Systems
- WooCommerce Support Ticket System WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover via remote code execution after deleting wp-config.php or other critical files, leading to data theft, defacement, or ransomware deployment.
Likely Case
Site disruption or downtime from deletion of important files, potentially requiring full restoration from backups.
If Mitigated
Limited impact if proper file permissions and web application firewalls block exploitation attempts.
🎯 Exploit Status
Exploitation requires no authentication and minimal technical skill due to public proof-of-concept code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 17.8 or later
Vendor Advisory: https://codecanyon.net/item/woocommerce-support-ticket-system/17930050
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'WooCommerce Support Ticket System'.
4. Click 'Update Now' if available.
5. If no update appears, download version 17.8+ from CodeCanyon and update manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily deactivate the vulnerable plugin until patched.
wp plugin deactivate woocommerce-support-ticket-system
Web Application Firewall Rule
Block requests to the endpoint that reaches the vulnerable delete_tmp_uploaded_file() function.
# Add rule to block POST requests to */wp-admin/admin-ajax.php with action=delete_tmp_uploaded_file
🧯 If You Can't Patch
- Enforce strict file permissions (e.g., 644 for files, 755 for directories) so the web server account can delete as little as possible; note that deleting a file requires write access to its parent directory, so files in directories writable by the web server user remain deletable and this only reduces the exposure.
- Deploy a web application firewall (WAF) with rules to block arbitrary file deletion attempts.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for 'WooCommerce Support Ticket System' version 17.7 or lower.
Check Version:
wp plugin get woocommerce-support-ticket-system --field=version
Verify Fix Applied:
Confirm plugin version is 17.8 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with 'action=delete_tmp_uploaded_file' parameter
- Unexpected file deletions under the web root (e.g., wp-config.php going missing) reported by server or file-integrity monitoring logs
Network Indicators:
- HTTP POST requests containing file paths in parameters targeting the vulnerable endpoint
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="delete_tmp_uploaded_file"
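The log indicators above, as an added detection script that is not part of the original advisory: it parses constructed combined-format access-log lines, flags requests to admin-ajax.php whose query string names the vulnerable action, and flags GET as well as POST because admin-ajax.php reads the action parameter from either. Assumption: default access logs omit the POST body, so a body-only action parameter is visible only in WAF or proxy logs that record request parameters.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (combined log format); not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2024:12:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=delete_tmp_uploaded_file HTTP/1.1" 200 12 "-" "curl/8.0"
198.51.100.3 - - [10/Nov/2024:12:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 45 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2024:12:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=delete_tmp_uploaded_file HTTP/1.1" 200 12 "-" "curl/8.0"
192.0.2.9 - - [10/Nov/2024:12:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 30 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

VULN_ACTION = "delete_tmp_uploaded_file"  # the AJAX action named in the advisory

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m.group("target"))
    return {
        "ip": m.group("ip"), "ts": m.group("ts"), "method": m.group("method"),
        "path": url.path, "query": parse_qs(url.query), "status": int(m.group("status")),
    }

def is_suspicious(req):
    """True when the request targets admin-ajax.php with the vulnerable action in its query string.
    Assumption: the POST body is not in the log, so only a query-string 'action' can be seen here;
    apply the same check to WAF/proxy logs that do record body parameters."""
    if req is None or not req["path"].endswith("/wp-admin/admin-ajax.php"):
        return False
    return VULN_ACTION in req["query"].get("action", [])

def find_hits(log_text):
    """Return (ip, method, timestamp) for every suspicious request in the log text."""
    hits = []
    for line in log_text.splitlines():
        req = parse_line(line)
        if is_suspicious(req):
            hits.append((req["ip"], req["method"], req["ts"]))
    return hits

if __name__ == "__main__":
    for ip, method, ts in find_hits(SAMPLE_LOG):
        print(f"{ts} {ip} {method} -> {VULN_ACTION}")
```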