CVE-2024-10627

9.8 CRITICAL

📋 TL;DR

The WooCommerce Support Ticket System plugin for WordPress has an unauthenticated arbitrary file upload vulnerability that allows attackers to upload malicious files to the server. This affects all versions up to 17.7 and can lead to remote code execution. Any WordPress site using this plugin is vulnerable.

💻 Affected Systems

Products:
  • WooCommerce Support Ticket System WordPress Plugin
Versions: All versions up to and including 17.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default plugin configuration; no special settings required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise via remote code execution, data theft, site defacement, and malware distribution.

🟠 Likely Case

Webshell upload leading to backdoor persistence, data exfiltration, and further privilege escalation.

🟢 If Mitigated

File upload attempts blocked, no code execution possible, but attack attempts may still consume resources.

🌐 Internet-Facing: HIGH - Unauthenticated exploit targeting internet-facing WordPress sites.
🏢 Internal Only: MEDIUM - Lower exposure but still vulnerable if internal users access the site.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST requests can exploit this vulnerability; exploit code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 17.8 or later

Vendor Advisory: https://codecanyon.net/item/woocommerce-support-ticket-system/17930050

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'WooCommerce Support Ticket System'.
4. Click 'Update Now' if available.
5. If a manual update is needed, download version 17.8+ from CodeCanyon and replace the plugin files.

🔧 Temporary Workarounds

Disable Plugin

Platform: all

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate woocommerce-support-ticket-system

Web Application Firewall Rule

Platform: linux

Block requests to the vulnerable ajax endpoint.

# Example mod_security rule (phase:2 and ARGS so the action is seen in the POST body, not only the URI; needs SecRequestBodyAccess On):
SecRule REQUEST_URI|ARGS "@contains manage_file_chunk_upload" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

  • Remove plugin files completely from server
  • Implement strict file upload restrictions at web server level

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins → Installed Plugins. If version is 17.7 or lower, you are vulnerable.

Check Version:

wp plugin get woocommerce-support-ticket-system --field=version

Verify Fix Applied:

Confirm plugin version is 17.8 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=manage_file_chunk_upload
  • New files with PHP or other executable extensions appearing under wp-content/uploads/ or in other directories where uploads do not normally land

Network Indicators:

  • Unusual POST requests to admin-ajax.php endpoint from unexpected sources
  • Traffic patterns showing file uploads to WordPress directories

SIEM Query:

source="web_server" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="manage_file_chunk_upload"
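The two log indicators above, worked into a small triage script. This is an added example, not code from the advisory or the plugin vendor; the log lines are constructed samples in Apache/Nginx "combined" format with documentation-range IPs, and the hypothetical `demo_scan()` builds a throwaway uploads tree to show the filesystem check. Note the caveat the SIEM query shares: a web-server access log only shows the admin-ajax `action` when it travels in the query string; an action sent only in the POST body is visible to a WAF or audit log, not here.

```python
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [ts] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample traffic (not real logs): one chunk-upload call, one benign
# heartbeat, one fetch of a dropped PHP file, one body-only POST the log cannot classify.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=manage_file_chunk_upload HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.4 - - [12/Nov/2024:10:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2024:10:01:09 +0000] "GET /wp-content/uploads/2024/11/shell.php HTTP/1.1" 200 33 "-" "python-requests/2.31"
192.0.2.9 - - [12/Nov/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 20 "-" "Mozilla/5.0"
"""

VULN_ACTION = "manage_file_chunk_upload"          # action string from the advisory
EXEC_SUFFIXES = {".php", ".php5", ".php7", ".phtml", ".phar"}


def _has_exec_suffix(path_str):
    # Check every suffix, so double extensions such as shell.php.jpg are caught too.
    return any(s.lower() in EXEC_SUFFIXES for s in Path(path_str).suffixes)


def parse_line(line):
    """Split one combined-format line into fields, decoding the query string."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["params"] = {k: v[0] for k, v in parse_qs(url.query).items()}
    return rec


def find_upload_attempts(log_text):
    """(ip, timestamp) for POSTs to admin-ajax.php whose query-string action is the vulnerable one."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["method"] == "POST"
                and rec["path"].endswith("/wp-admin/admin-ajax.php")
                and rec["params"].get("action") == VULN_ACTION):
            hits.append((rec["ip"], rec["ts"]))
    return hits


def find_executable_fetches(log_text):
    """(ip, path, status) for requests to PHP-like files under wp-content/uploads/ (a webshell being invoked)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and "/wp-content/uploads/" in rec["path"] and _has_exec_suffix(rec["path"]):
            hits.append((rec["ip"], rec["path"], rec["status"]))
    return hits


def find_executable_uploads(uploads_dir):
    """Walk an uploads directory and list files with executable extensions; a clean site returns []."""
    root = Path(uploads_dir)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and _has_exec_suffix(p.name))


def demo_scan():
    """Hypothetical helper: builds a throwaway uploads tree (one image, one double-extension PHP) and scans it."""
    with tempfile.TemporaryDirectory() as d:
        sub = os.path.join(d, "2024", "11")
        os.makedirs(sub)
        for name in ("photo.jpg", "shell.php.jpg"):
            open(os.path.join(sub, name), "w").close()
        return find_executable_uploads(d)


if __name__ == "__main__":
    print("chunk-upload calls:", find_upload_attempts(SAMPLE_LOG))
    print("executable fetches:", find_executable_fetches(SAMPLE_LOG))
    print("executable files in uploads:", demo_scan())
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file contents, and point `find_executable_uploads()` at the site's `wp-content/uploads/`. Requests like the fourth sample line (POST with no query string) are exactly the blind spot: pair this with the WAF rule or a request-body audit log to see body-borne actions.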
