VYPR

TicketBAI Facturas para WooCommerce

by WordPress

CVEs (3)

  • CVE-2025-24767CriJun 9, 2025
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection.This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.19.

  • CVE-2025-4564CriMay 15, 2025
    risk 0.57cvss 9.8epss 0.01

    The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete…

  • CVE-2025-24762MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.45.