Gratis scannen
Analyse in behandelingCVE-2025-14033

CVE-2025-14033: Unauthorized Access in ilGhera Support System

Platform

wordpress

Component

wc-support-system

Opgelost in

1.3.1

Bekijk op NVD
Opslaan

CVE-2025-14033 is a medium-severity vulnerability affecting the ilGhera Support System for WooCommerce plugin for WordPress. This vulnerability allows unauthenticated attackers to access sensitive support ticket content, potentially exposing customer information and private communications. The vulnerability impacts versions 0 through 1.3.0 of the plugin, and a fix is available in version 1.3.1.

WordPress

Detecteer deze CVE in je project

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannen

Impact en Aanvalsscenarioswordt vertaald…

The primary impact of CVE-2025-14033 is the unauthorized disclosure of sensitive data. An attacker can simply provide a valid ticket ID to view the complete content of any support ticket, regardless of authentication status. This includes customer names, email addresses, support requests, and any internal communications related to the ticket. The blast radius extends to any customer who has submitted a support ticket through the affected plugin. This vulnerability could lead to reputational damage, regulatory fines (e.g., GDPR), and potential legal action if customer data is compromised.

Uitbuitingscontextwordt vertaald…

As of the publication date, there is no public evidence of CVE-2025-14033 being actively exploited in the wild. The vulnerability is not listed on KEV or EPSS. The CVSS score of 5.3 indicates a medium probability of exploitation. Monitor WordPress security forums and vulnerability databases for any updates regarding exploitation attempts.

Dreigingsinformatie

Exploit Status

Proof of ConceptOnbekend
CISA KEVNO
InternetblootstellingHoog

CISA SSVC

Exploitatienone
Automatiseerbaaryes
Technische Impactpartial

CVSS-vector

DREIGINGSINFORMATIE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N5.3MEDIUMAttack VectorNetworkHoe de aanvaller het doel bereiktAttack ComplexityLowVereiste omstandigheden om te exploiterenPrivileges RequiredNoneVereist authenticatieniveau voor aanvalUser InteractionNoneOf het slachtoffer actie moet ondernemenScopeUnchangedImpact buiten het getroffen onderdeelConfidentialityLowRisico op blootstelling van gevoelige dataIntegrityNoneRisico op ongeautoriseerde gegevenswijzigingAvailabilityNoneRisico op verstoring van dienstennextguardhq.com · CVSS v3.1 Basisscore
Wat betekenen deze metrics?
Attack Vector
Netwerk — op afstand uitbuitbaar via internet. Geen fysieke of lokale toegang vereist.
Attack Complexity
Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
Privileges Required
Geen — geen authenticatie vereist om te exploiteren.
User Interaction
Geen — automatische en stille aanval. Slachtoffer doet niets.
Scope
Ongewijzigd — impact beperkt tot het kwetsbare component.
Confidentiality
Laag — gedeeltelijke toegang tot enkele gegevens.
Integrity
Geen — geen integriteitsimpact.
Availability
Geen — geen beschikbaarheidsimpact.

Getroffen Software

Componentwc-support-system
Leverancierwordfence
Maximumversie1.3.0
Opgelost in1.3.1

Zwakheidsclassificatie (CWE)

CWE-639

Tijdlijn

  1. Gereserveerd
  2. Gepubliceerd
  3. Gewijzigd

Mitigatie en Workaroundswordt vertaald…

The primary mitigation for CVE-2025-14033 is to immediately upgrade the ilGhera Support System for WooCommerce plugin to version 1.3.1 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider temporarily disabling the plugin to prevent unauthorized access. While a direct workaround is not available, carefully review all plugin configurations and ensure that access controls are as restrictive as possible. After upgrading, verify the fix by attempting to access a support ticket without authentication; access should be denied.

Hoe te verhelpen

Update naar versie 1.3.1, of een nieuwere gepatchte versie

Veelgestelde vragenwordt vertaald…

What is CVE-2025-14033 — Unauthorized Access in ilGhera Support System?

CVE-2025-14033 is a medium-severity vulnerability in the ilGhera Support System for WooCommerce plugin for WordPress. It allows unauthenticated attackers to view support ticket content, potentially exposing sensitive customer data.

Am I affected by CVE-2025-14033 in ilGhera Support System?

You are affected if your WordPress site uses the ilGhera Support System for WooCommerce plugin in versions 0 through 1.3.0. Upgrade to 1.3.1 or later to mitigate the risk.

How do I fix CVE-2025-14033 in ilGhera Support System?

Upgrade the ilGhera Support System for WooCommerce plugin to version 1.3.1 or later. If immediate upgrade is not possible, temporarily disable the plugin.

Is CVE-2025-14033 being actively exploited?

There is currently no public evidence of CVE-2025-14033 being actively exploited, but the medium CVSS score suggests a potential risk.

Where can I find the official ilGhera Support System advisory for CVE-2025-14033?

Refer to the official ilGhera Support System website and WordPress plugin repository for updates and advisories related to CVE-2025-14033.

Is jouw project getroffen?

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannenCVEs zoeken
WordPress

Detecteer deze CVE in je project

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannen
livefree scan

Scan nu uw WordPress project — geen account

Upload een manifest (composer.lock, package-lock.json, WordPress pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mail alerts, multi-project en white-label rapporten.

Manual scanSlack/email alertsscanZone.capMonitorWhite-label reports

Sleep uw afhankelijkheidsbestand hierheen

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...