cleantalk
Vulnerabilities and Security Researches

Guest Support – Complete customer support ticket system for WordPress, CVE-2025-5957

CVE, Research URL

CVE-2025-5957

Home page URL

Security reports for Guest Support – Complete customer support ticket system for WordPress

Application

Guest Support – Complete customer support ticket system for WordPress

Published on
Jul 08, 2025
Research Description
The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete arbitrary support tickets.
Affected versions
Min -, max 1.2.3.
Status
vulnerable
Previous vulnerability researches
Webriti Companion (52f4899011bb8048ab6fa1821d40b576d764e3a9) , Jun 06, 2024
New vulnerability
Guest Support – Complete customer support ticket system for WordPress (CVE-2025-5957) , Jul 08, 2025
Contact Form 7 reCAPTCHA (CVE-2025-23972) , Jul 08, 2025
Easy Stripe (CVE-2025-49302) , Jul 08, 2025
Gallery Widget (CVE-2025-28969) , Jul 08, 2025
Contact Us Page – Contact People (CVE-2025-28967) , Jul 07, 2025