cleantalk
Vulnerabilities and Security Researches

Woocommerce Support System, CVE-2025-14033

CVE, Research URL

CVE-2025-14033

Home page URL

Security reports for Woocommerce Support System

Application

Woocommerce Support System

Published on
May 13, 2026
Research Description
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any support ticket content, including sensitive customer information and private communications, by providing a ticket ID.
Affected versions
max 1.3.1.
Status
vulnerable
Previous vulnerability researches
MW WP Form (CVE-2026-5436) , Apr 13, 2026
MW WP Form (CVE-2026-4347) , Apr 13, 2026
MW WP Form (f8ff86f77b0d6ce822aaa5af5c71d680ab99821f) , Jun 06, 2024
MW WP Form (CVE-2023-6559) , Jun 06, 2024
MW WP Form (CVE-2024-24804) , Jun 06, 2024
New vulnerability
WPGraphQL (CVE-2021-47959) , May 16, 2026
Smartcat Integration for WPML (CVE-2026-4683) , May 16, 2026
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2026-6929) , May 16, 2026
Woocommerce Support System (CVE-2025-14033) , May 16, 2026
MW WP Form (CVE-2026-6206) , May 16, 2026