Does ilGhera Support System for WooCommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ilGhera Support System for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, ilGhera Support System for WooCommerce 1.3.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is ilGhera Support System for WooCommerce updated?

ilGhera Support System for WooCommerce was last updated on Apr 12, 2026. Frequent updates are generally a positive security signal.

What is ilGhera Support System for WooCommerce's security score?

ilGhera Support System for WooCommerce has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ilGhera Support System for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-support-system

Give support to your WooComerce customers with this fast and easy to use ticket system.

70 active installs v1.3.0 PHP + WP 5.0+ Updated Apr 12, 2026

orderssupportthreadticketwoocommerce

A · Safe

CVEs total4

Unpatched0

Last CVEMay 12, 2026

Plugin page Download

Safety Verdict

Is ilGhera Support System for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

ilGhera Support System for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEsLast CVE: May 12, 2026Updated 1mo ago

Risk Assessment

The wc-support-system plugin v1.2.10 presents a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and a significant number of nonce and capability checks, there are notable areas of concern. The presence of 2 AJAX handlers without authentication checks and 2 taint flows with unsanitized paths indicate potential vulnerabilities that could be exploited by attackers. The plugin's vulnerability history, with 3 known CVEs including high and medium severity issues like Missing Authorization and SQL Injection, further reinforces these concerns. Although there are currently no unpatched CVEs, the recurring nature of these vulnerability types suggests a pattern that warrants attention. Overall, while the plugin incorporates some security measures, the identified entry points lacking authentication and the historical vulnerability trends necessitate a cautious approach to its deployment.

Key Concerns

AJAX handlers without auth checks
Taint flows with unsanitized paths (High severity)
Historical high severity vulnerabilities (SQLi, Missing Auth)
Output escaping is not fully proper (64%)

Vulnerabilities

4 published

ilGhera Support System for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2023

2023

2 CVEs in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2025-14033medium · 5.3Authorization Bypass Through User-Controlled Key

ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure

May 12, 2026 Patched in 1.3.1 (1d)

CVE-2025-14034medium · 5.3Missing Authorization

ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion

Jan 5, 2026 Patched in 1.2.7 (1d)

CVE-2023-41686high · 7.3Missing Authorization

Woocommerce Support System <= 1.2.2 - Missing Authorization

Sep 4, 2023 Patched in 1.2.3 (255d)

CVE-2023-41685high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'

Sep 4, 2023 Patched in 1.2.2 (255d)

Version History

ilGhera Support System for WooCommerce Release Timeline

v1.3.0Current1 CVE

v1.2.101 CVE

v1.2.91 CVE

v1.2.81 CVE

v1.2.71 CVE

v1.2.62 CVEs

CVE-2025-14034 CVE-2025-14033

v1.2.52 CVEs

CVE-2025-14034 CVE-2025-14033

v1.2.42 CVEs

CVE-2025-14034 CVE-2025-14033

v1.2.32 CVEs

CVE-2025-14034 CVE-2025-14033

v1.2.23 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2025-14033

v1.2.14 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2023-41685 +1 more

v1.2.04 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2023-41685 +1 more

v1.1.24 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2023-41685 +1 more

v1.1.14 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2023-41685 +1 more

v1.1.04 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2023-41685 +1 more

v1.0.54 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2023-41685 +1 more

v1.0.44 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2023-41685 +1 more

v1.0.34 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2023-41685 +1 more

v1.0.24 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2023-41685 +1 more

v1.0.14 CVEs

CVE-2023-41686 CVE-2025-14034 CVE-2023-41685 +1 more

Code Analysis

Analyzed Mar 16, 2026

ilGhera Support System for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

16 prepared

Unescaped Output

142 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQuery

SQL Query Safety

84% prepared19 total queries

Output Escaping

64% escaped222 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths

get_ticket_content_callback (includes\class-wc-support-system.php:930)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

ilGhera Support System for WooCommerce Attack Surface

Entry Points10

Unprotected2

AJAX Handlers 9

authwp_ajax_delete-ticketincludes\class-wc-support-system.php:66

authwp_ajax_delete-threadincludes\class-wc-support-system.php:67

authwp_ajax_change-ticket-statusincludes\class-wc-support-system.php:68

authwp_ajax_get_ticket_contentincludes\class-wc-support-system.php:69

noprivwp_ajax_get_ticket_contentincludes\class-wc-support-system.php:70

authwp_ajax_product-select-warningincludes\class-wc-support-system.php:71

noprivwp_ajax_product-select-warningincludes\class-wc-support-system.php:72

authwp_ajax_update-additional-recipientsincludes\class-wc-support-system.php:73

noprivwp_ajax_update-additional-recipientsincludes\class-wc-support-system.php:74

Shortcodes 1

[support-tickets-table] includes\class-wc-support-system.php:78

WordPress Hooks 29

actionwss_cron_tickets_actionincludes\class-wc-support-system.php:46

actionadmin_initincludes\class-wc-support-system.php:48

actionadmin_initincludes\class-wc-support-system.php:49

actionadmin_menuincludes\class-wc-support-system.php:50

actionadmin_enqueue_scriptsincludes\class-wc-support-system.php:52

actionwp_enqueue_scriptsincludes\class-wc-support-system.php:54

actionadmin_footerincludes\class-wc-support-system.php:56

actionadmin_footerincludes\class-wc-support-system.php:57

actionadmin_footerincludes\class-wc-support-system.php:58

actionadmin_footerincludes\class-wc-support-system.php:59

actioninitincludes\class-wc-support-system.php:61

actioninitincludes\class-wc-support-system.php:62

actioninitincludes\class-wc-support-system.php:63

actioninitincludes\class-wc-support-system.php:64

actionwp_footerincludes\class-wc-support-system.php:76

filterthe_contentincludes\class-wc-support-system.php:80

filterset-screen-optionincludes\class-wc-support-system.php:81

filterparse_queryincludes\class-wc-support-system.php:82

actionwp_footerincludes\class-wc-support-system.php:1389

actionadmin_headincludes\class-wc-support-system.php:1551

actionwp_footerincludes\class-wc-support-system.php:1553

actionadmin_initincludes\ilghera-notice\class-ilghera-notice.php:64

actionadmin_enqueue_scriptsincludes\ilghera-notice\class-ilghera-notice.php:65

actionadmin_noticesincludes\ilghera-notice\class-ilghera-notice.php:230

actionadmin_noticesincludes\ilghera-notice\class-ilghera-notice.php:240

actionadmin_noticesincludes\ilghera-notice\class-ilghera-notice.php:250

actionadmin_noticeswc-support-system.php:47

actionplugins_loadedwc-support-system.php:83

actionbefore_woocommerce_initwc-support-system.php:91

Scheduled Events 1

wss_cron_tickets_action

Maintenance & Trust

ilGhera Support System for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 12, 2026

PHP min version

Downloads10K

Community Trust

Rating100/100

Number of ratings3

Active installs70

Alternatives

ilGhera Support System for WooCommerce Alternatives

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

ELEX WordPress HelpDesk & Customer Ticketing System offers top-notch features for the best customer support experience.

300 13 CVEs

Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk

thrivedesk

Add ThriveDesk AI Live Chat & Chatbot to your WordPress for free to answer customers' questions and provide excellent support.

100 1 CVE

Polanger Ticket System for WooCommerce

polanger-ticket-system-for-woocommerce

100

Allows customers to create and manage support tickets from their WooCommerce account page.

0 No CVEs

Product Ticket System For WooCommerce

product-ticket-system-for-woocommerce

Boost customer support with our WooCommerce Product Ticket System. Let customers create tickets from orders; admins manage with ease.

0 No CVEs

Advanced Order Export For WooCommerce

woo-order-export-lite

Export WooCommerce orders to Excel, CSV, XML, JSON, PDF and HTML. Best free order export plugin for WooCommerce.

100K 8 CVEs

Developer Profile

ilGhera Support System for WooCommerce Developer Profile

ilGhera

16 plugins · 2K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

113 days

View full developer profile

Detection Fingerprints

How We Detect ilGhera Support System for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-support-system/assets/css/backend.css/wp-content/plugins/wc-support-system/assets/css/frontend.css/wp-content/plugins/wc-support-system/assets/js/backend.js/wp-content/plugins/wc-support-system/assets/js/frontend.js

Script Paths

/wp-content/plugins/wc-support-system/assets/js/backend.js/wp-content/plugins/wc-support-system/assets/js/frontend.js

Version Parameters

wc-support-system/assets/css/backend.css?ver=wc-support-system/assets/css/frontend.css?ver=wc-support-system/assets/js/backend.js?ver=wc-support-system/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

wss-ticket-itemwss-ticket-listwss-ticket-contentwss-ticket-headerwss-ticket-bodywss-ticket-footerwss-new-ticket-formwss-thread-item+22 more

Data Attributes

data-ticket-iddata-thread-id

JS Globals

wss_datawss_ajax_object

Shortcode Output

[support-tickets-table]

FAQ

ilGhera Support System for WooCommerce Security & Risk Analysis

Is ilGhera Support System for WooCommerce Safe to Use in 2026?

Generally Safe

Key Concerns

ilGhera Support System for WooCommerce Security Vulnerabilities

CVEs by Year

Severity Breakdown

ilGhera Support System for WooCommerce Release Timeline

ilGhera Support System for WooCommerce Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

ilGhera Support System for WooCommerce Attack Surface

AJAX Handlers 9

Shortcodes 1

Scheduled Events 1

ilGhera Support System for WooCommerce Maintenance & Trust

Maintenance Signals

Community Trust

ilGhera Support System for WooCommerce Alternatives

ELEX WordPress HelpDesk & Customer Ticketing System

Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk

Polanger Ticket System for WooCommerce

Product Ticket System For WooCommerce

Advanced Order Export For WooCommerce

ilGhera Support System for WooCommerce Developer Profile

How We Detect ilGhera Support System for WooCommerce

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about ilGhera Support System for WooCommerce