cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwc-support-system wc-support-system

Direction: ascending
Jun 07, 2024

Woocommerce Support System # CVE-2023-41685

CVE, Research URL

CVE-2023-41685

Home page URL

Security reports for Woocommerce Support System

Application

Woocommerce Support System

Date
Nov 06, 2023
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1.
Affected versions
max 1.2.2.
Status
vulnerable
Jun 10, 2024

Woocommerce Support System # CVE-2023-41686

CVE, Research URL

CVE-2023-41686

Home page URL

Security reports for Woocommerce Support System

Application

Woocommerce Support System

Date
Dec 13, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2.
Affected versions
max 1.2.3.
Status
vulnerable
Jan 10, 2026

Woocommerce Support System # CVE-2025-14034

CVE, Research URL

CVE-2025-14034

Home page URL

Security reports for Woocommerce Support System

Application

Woocommerce Support System

Date
Jan 06, 2026
Research Description
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and 'change_ticket_status_callback' functions in all versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary support tickets and modify their status.
Affected versions
max 1.2.7.
Status
vulnerable
May 16, 2026

Woocommerce Support System # CVE-2025-14033

CVE, Research URL

CVE-2025-14033

Home page URL

Security reports for Woocommerce Support System

Application

Woocommerce Support System

Date
May 13, 2026
Research Description
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any support ticket content, including sensitive customer information and private communications, by providing a ticket ID.
Affected versions
max 1.3.1.
Status
vulnerable