ilGhera Support System for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-support-system

Give support to your WooCommerce customers with this fast and easy to use ticket system.

80 active installs · v1.2.10 · PHP + · WP 5.0+ · Updated Feb 10, 2026
Tags: orders, support, thread, ticket, woocommerce
Score 93/100 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jan 5, 2026
Safety Verdict

Is ilGhera Support System for WooCommerce Safe to Use in 2026?

Generally Safe

Score 93/100

ilGhera Support System for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jan 5, 2026 · Updated 1mo ago
Risk Assessment

The wc-support-system plugin v1.2.10 presents a mixed security posture. It shows good practices, such as a high percentage of prepared SQL statements and a significant number of nonce and capability checks, but there are notable areas of concern. The 2 AJAX handlers without authentication checks and the 2 taint flows with unsanitized paths indicate potential vulnerabilities that attackers could exploit. The plugin's vulnerability history, with 3 known CVEs including high and medium severity issues such as Missing Authorization and SQL Injection, reinforces these concerns. There are currently no unpatched CVEs, but the recurrence of these vulnerability types suggests a pattern that warrants attention. Overall, the plugin incorporates some security measures, but the entry points lacking authentication and the historical vulnerability trend call for a cautious approach to deployment.

Key Concerns

  • AJAX handlers without auth checks
  • Taint flows with unsanitized paths (High severity)
  • Historical high severity vulnerabilities (SQLi, Missing Auth)
  • Output escaping is incomplete (64% of outputs escaped)
Vulnerabilities
3

ilGhera Support System for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2023: 2 CVEs
  • 2026: 1 CVE

Severity Breakdown

  • High: 2
  • Medium: 1

3 total CVEs

CVE-2025-14034 · medium · 5.3 · Missing Authorization

ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion

Jan 5, 2026 Patched in 1.2.7 (1d)
CVE-2023-41686 · high · 7.3 · Missing Authorization

Woocommerce Support System <= 1.2.2 - Missing Authorization

Sep 4, 2023 Patched in 1.2.3 (255d)
CVE-2023-41685 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'

Sep 4, 2023 Patched in 1.2.2 (255d)
Code Analysis
Analyzed Mar 16, 2026

ilGhera Support System for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 3 (16 prepared)
  • Unescaped Output: 80 (142 escaped)
  • Nonce Checks: 17
  • Capability Checks: 17
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

84% prepared · 19 total queries

Output Escaping

64% escaped · 222 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
get_ticket_content_callback (includes\class-wc-support-system.php:930)
Attack Surface
2 unprotected

ilGhera Support System for WooCommerce Attack Surface

Entry Points: 10
Unprotected: 2

AJAX Handlers 9

  • auth · wp_ajax_delete-ticket · includes\class-wc-support-system.php:66
  • auth · wp_ajax_delete-thread · includes\class-wc-support-system.php:67
  • auth · wp_ajax_change-ticket-status · includes\class-wc-support-system.php:68
  • auth · wp_ajax_get_ticket_content · includes\class-wc-support-system.php:69
  • nopriv · wp_ajax_get_ticket_content · includes\class-wc-support-system.php:70
  • auth · wp_ajax_product-select-warning · includes\class-wc-support-system.php:71
  • nopriv · wp_ajax_product-select-warning · includes\class-wc-support-system.php:72
  • auth · wp_ajax_update-additional-recipients · includes\class-wc-support-system.php:73
  • nopriv · wp_ajax_update-additional-recipients · includes\class-wc-support-system.php:74

Shortcodes 1

[support-tickets-table] includes\class-wc-support-system.php:78
WordPress Hooks 29
  • action · wss_cron_tickets_action · includes\class-wc-support-system.php:46
  • action · admin_init · includes\class-wc-support-system.php:48
  • action · admin_init · includes\class-wc-support-system.php:49
  • action · admin_menu · includes\class-wc-support-system.php:50
  • action · admin_enqueue_scripts · includes\class-wc-support-system.php:52
  • action · wp_enqueue_scripts · includes\class-wc-support-system.php:54
  • action · admin_footer · includes\class-wc-support-system.php:56
  • action · admin_footer · includes\class-wc-support-system.php:57
  • action · admin_footer · includes\class-wc-support-system.php:58
  • action · admin_footer · includes\class-wc-support-system.php:59
  • action · init · includes\class-wc-support-system.php:61
  • action · init · includes\class-wc-support-system.php:62
  • action · init · includes\class-wc-support-system.php:63
  • action · init · includes\class-wc-support-system.php:64
  • action · wp_footer · includes\class-wc-support-system.php:76
  • filter · the_content · includes\class-wc-support-system.php:80
  • filter · set-screen-option · includes\class-wc-support-system.php:81
  • filter · parse_query · includes\class-wc-support-system.php:82
  • action · wp_footer · includes\class-wc-support-system.php:1389
  • action · admin_head · includes\class-wc-support-system.php:1551
  • action · wp_footer · includes\class-wc-support-system.php:1553
  • action · admin_init · includes\ilghera-notice\class-ilghera-notice.php:64
  • action · admin_enqueue_scripts · includes\ilghera-notice\class-ilghera-notice.php:65
  • action · admin_notices · includes\ilghera-notice\class-ilghera-notice.php:230
  • action · admin_notices · includes\ilghera-notice\class-ilghera-notice.php:240
  • action · admin_notices · includes\ilghera-notice\class-ilghera-notice.php:250
  • action · admin_notices · wc-support-system.php:47
  • action · plugins_loaded · wc-support-system.php:83
  • action · before_woocommerce_init · wc-support-system.php:91

Scheduled Events 1

wss_cron_tickets_action
Maintenance & Trust

ilGhera Support System for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 10, 2026
  • PHP min version
  • Downloads: 10K

Community Trust

  • Rating: 100/100
  • Number of ratings: 3
  • Active installs: 80
Developer Profile

ilGhera Support System for WooCommerce Developer Profile

ilGhera

13 plugins · 2K total installs

  • Trust score: 78
  • Avg Security Score: 99/100
  • Avg Patch Time: 150 days
Detection Fingerprints

How We Detect ilGhera Support System for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wc-support-system/assets/css/backend.css
  • /wp-content/plugins/wc-support-system/assets/css/frontend.css
  • /wp-content/plugins/wc-support-system/assets/js/backend.js
  • /wp-content/plugins/wc-support-system/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/wc-support-system/assets/js/backend.js
  • /wp-content/plugins/wc-support-system/assets/js/frontend.js
Version Parameters
  • wc-support-system/assets/css/backend.css?ver=
  • wc-support-system/assets/css/frontend.css?ver=
  • wc-support-system/assets/js/backend.js?ver=
  • wc-support-system/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wss-ticket-item
  • wss-ticket-list
  • wss-ticket-content
  • wss-ticket-header
  • wss-ticket-body
  • wss-ticket-footer
  • wss-new-ticket-form
  • wss-thread-item
  • +22 more
Data Attributes
  • data-ticket-id
  • data-thread-id
JS Globals
  • wss_data
  • wss_ajax_object
Shortcode Output
[support-tickets-table]
FAQ

Frequently Asked Questions about ilGhera Support System for WooCommerce