Primary

Context

Vanquish WooCommerce Support Ticket System Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Patched

A path traversal vulnerability has been identified in the Vanquish WooCommerce Support Ticket System plugin, affecting versions prior to 18.5. This vulnerability allows for improper limitation of pathname, enabling attackers to traverse directories and potentially delete arbitrary files from the website. Such file deletion could disrupt core functionalities, leading to a broken site.

Impact

Exploitation of this vulnerability could result in the deletion of arbitrary files from the website, including critical core files, which could cause the site to malfunction or become inoperable.

Remediation

Users of the Vanquish WooCommerce Support Ticket System plugin should update to version 18.5 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: Mar 25, 2026, 6:19 PM

Updated: Mar 25, 2026, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

7.6

remediation

7.9

relevance

4.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

7.6

remediation

7.9

relevance

4.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vanquish WooCommerce Support Ticket System Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Impact

Remediation

Affected Products

vanquish WooCommerce Support Ticket System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating