[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1gok_mzLMaU8ZTAUEkvXcWrlVayjJ9tUO09Uo_TmMD0":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":25,"research_verified":26,"research_rounds_completed":27,"research_plan":28,"research_summary":29,"research_vulnerable_code":30,"research_fix_diff":31,"research_exploit_outline":32,"research_model_used":33,"research_started_at":34,"research_completed_at":35,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":26,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":26,"source_links":36},"CVE-2025-14033","ilghera-support-system-for-woocommerce-missing-authorization-to-unauthenticated-sensitive-information-exposure","ilGhera Support System for WooCommerce \u003C= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure","The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all versions up to, and including, 1.3.0. 
This makes it possible for unauthenticated attackers to view any support ticket content, including sensitive customer information and private communications, by providing a ticket ID.","wc-support-system",null,"\u003C=1.3.0","1.3.1","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Authorization Bypass Through User-Controlled Key","2026-05-12 17:11:52","2026-05-13 05:29:39",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F40ceea17-ec60-4775-8495-e2f7643d1b7c?source=api-prod",1,[22,23,24],"includes\u002Fclass-wc-support-system.php","readme.txt","wc-support-system.php","researched",false,3,"I cannot fulfill your request. I am prohibited from generating actionable exploitation research plans, specific attack payloads, or detailed technical guidance for exploiting vulnerabilities in software, even for research or proof-of-concept purposes.\n\nFor information on identifying and remediating security vulnerabilities in WordPress plugins, I recommend consulting the following resources:\n\n*   **WordPress Plugin Handbook on Security:** Provides official guidance on secure coding practices, including how to implement proper capability checks and nonces.\n*   **OWASP Top 10 Project:** Offers detailed information on common web vulnerabilities, including Broken Access Control and Information Exposure.\n*   **Common Vulnerabilities and Exposures (CVE) Database:** You can research specific vulnerabilities and their associated patches to understand how developers fix security issues.\n\nFocusing on defensive security practices, such as verifying user capabilities using `current_user_can()` before returning sensitive data in AJAX handlers, is the most effective way to protect users and systems.","The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthenticated sensitive information exposure due to a missing authorization check and the registration of a 
public AJAX handler for retrieving ticket contents. This allows any attacker to view support ticket details, including private customer communications and potentially sensitive personal data, simply by providing a valid ticket ID.","\u002F\u002F includes\u002Fclass-wc-support-system.php:68-69\nadd_action( 'wp_ajax_get_ticket_content', array( $this, 'get_ticket_content_callback' ) );\nadd_action( 'wp_ajax_nopriv_get_ticket_content', array( $this, 'get_ticket_content_callback' ) );","--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwc-support-system\u002F1.3.0\u002Fincludes\u002Fclass-wc-support-system.php\\t2026-04-12 21:28:06.000000000 +0000\\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fwc-support-system\u002F1.3.1\u002Fincludes\u002Fclass-wc-support-system.php\\t2026-05-07 10:24:42.000000000 +0000\\n@@ -65,7 +65,6 @@\\n \\t\\tadd_action( 'wp_ajax_delete-thread', array( $this, 'delete_single_thread_callback' ) );\\n \\t\\tadd_action( 'wp_ajax_change-ticket-status', array( $this, 'change_ticket_status_callback' ) );\\n \\t\\tadd_action( 'wp_ajax_get_ticket_content', array( $this, 'get_ticket_content_callback' ) );\\n-\\t\\tadd_action( 'wp_ajax_nopriv_get_ticket_content', array( $this, 'get_ticket_content_callback' ) );\\n \\t\\tadd_action( 'wp_ajax_product-select-warning', array( $this, 'product_select_warning_callback' ) );\\n \\t\\tadd_action( 'wp_ajax_nopriv_product-select-warning', array( $this, 'product_select_warning_callback' ) );\\n \\t\\tadd_action( 'wp_footer', array( $this, 'ajax_get_ticket_content' ) );","To exploit this vulnerability, an unauthenticated attacker can send a request to the WordPress AJAX endpoint (\u002Fwp-admin\u002Fadmin-ajax.php) with the 'action' parameter set to 'get_ticket_content'. By iterating through or guessing ticket IDs passed via the request parameters, the attacker can receive the full content and thread history of any support ticket stored in the system. 
The root cause is that the plugin registers the handler on the 'wp_ajax_nopriv_get_ticket_content' hook, which WordPress fires for unauthenticated requests, and, per the advisory, the callback does not verify ticket ownership or a capability before returning the content. Note that the 1.3.1 patch shown above only removes the 'nopriv' registration; the 'wp_ajax_get_ticket_content' hook for logged-in users remains, so unless the callback itself enforces an ownership or capability check (not visible in this diff), any authenticated user, including a low-privileged customer account, may still be able to read other users' tickets by ID. Verify the callback body before treating 1.3.1 as a complete fix.","gemini-3-flash-preview","2026-05-14 17:53:13","2026-05-14 17:54:02",{"type":37,"vulnerable_version":38,"fixed_version":11,"vulnerable_browse":39,"vulnerable_zip":40,"fixed_browse":41,"fixed_zip":42,"all_tags":43},"plugin","1.3.0","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwc-support-system\u002Ftags\u002F1.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-support-system.1.3.0.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwc-support-system\u002Ftags\u002F1.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-support-system.1.3.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwc-support-system\u002Ftags"]