What the vulnerability does
01Description
Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Support Ticket System for WooCommerce (Premium): from n/a through <= 2.0.7.
Explanation of Vulnerability in Simple Terms
02Summary
The Support Ticket System for WooCommerce plugin allows unauthenticated attackers to upload files without restriction. An attacker can upload malicious files to the server over the network without needing credentials or user interaction. This can lead to complete compromise of the site, including data theft, site defacement, and malware installation.
What an attacker can do
03Attacker Capabilities
Upload malicious files to the server and run their own code on the site.
Potential impact on your site
04Site Impact
Complete site compromise: attackers can steal data, deface content, install malware, or take full control.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
November 6, 2025
CVE published
April 28, 2026
Record updated