PT-2026-40567 · WordPress · Ilghera Woocommerce Support System
Published
2026-05-13
·
Updated
2026-05-13
·
CVE-2025-14033
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ilGhera Support System for WooCommerce versions prior to 1.3.1
Description
The ilGhera Support System for WooCommerce plugin for WordPress allows unauthorized access to data because the
get ticket content callback() function lacks a capability check. Unauthenticated attackers can view support ticket content, including private communications and sensitive customer information, by providing a ticket ID.Recommendations
Update the plugin to a version later than 1.3.0.
As a temporary workaround, restrict access to the
get ticket content callback() function to minimize the risk of exploitation.Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ilghera Woocommerce Support System