CVE-2025-60235

CRITICAL 10.0

WordPress Support Ticket System for WooCommerce plugin <= 2.0.7 - Arbitrary File Upload vulnerability

CVSS Score

10.0

EPSS Score

0.0%

EPSS Percentile

0th

Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Support Ticket System for WooCommerce (Premium): from n/a through <= 2.0.7.

CWE	CWE-434
Vendor	plugify
Product	support ticket system for woocommerce (premium)
Published	Nov 6, 2025
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for plugify support ticket system for woocommerce (premium)

Be the first to know when new critical vulnerabilities affecting plugify support ticket system for woocommerce (premium) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Plugify / Support Ticket System for WooCommerce (Premium)

0 ≤ 2.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

patchstack.com: https://patchstack.com/database/Wordpress/Plugin/support-ticket-system-for-woocommerce/vulnerability/wordpress-helpdesk-support-ticket-system-for-woocommerce-plugin-2-0-7-arbitrary-file-upload-vulnerability?_s_id=cve

Credits

0xd4rk5id3 | Patchstack Bug Bounty Program