Facturaone Ticketbai Facturas Para Woocommerce vulnerabilities
3 known vulnerabilities affecting facturaone/ticketbai_facturas_para_woocommerce.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-4564P2CRITICALCVSS 9.8≤ 3.182025-05-15
CVE-2025-4564 [CRITICAL] CWE-22 CVE-2025-4564: The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletio
The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution
nvd
CVE-2025-24767P2CRITICALCVSS 9.3≤ 3.192025-06-09
CVE-2025-24767 [CRITICAL] CWE-89 CVE-2025-24767: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection.This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.19.
nvd
CVE-2025-24762P4MEDIUMCVSS 5.4≤ 3.452025-06-06
CVE-2025-24762 [MEDIUM] CWE-862 CVE-2025-24762: Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai a
Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.45.
nvd