CVE-2025-5957

Name of the Vulnerable Software and Affected Versions: The Guest Support – Complete customer support ticket system for WordPress plugin versions prior to 1.2.3

Description: The issue is related to a missing capability check on the deleteMassTickets function, allowing unauthenticated attackers to delete arbitrary support tickets, resulting in unauthorized loss of data.

Recommendations: For versions up to and including 1.2.2, as a temporary workaround, consider disabling the deleteMassTickets function until a patch is available. Update to a version later than 1.2.2 to resolve the issue.