CVE-2025-14033: Unauthorized Access in ilGhera Support System
平台
wordpress
组件
wc-support-system
修复版本
1.3.1
CVE-2025-14033 is a medium-severity vulnerability affecting the ilGhera Support System for WooCommerce plugin for WordPress. This vulnerability allows unauthenticated attackers to access sensitive support ticket content, potentially exposing customer information and private communications. The vulnerability impacts versions 0 through 1.3.0 of the plugin, and a fix is available in version 1.3.1.
检测此 CVE 是否影响你的项目
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。
影响与攻击场景翻译中…
The primary impact of CVE-2025-14033 is the unauthorized disclosure of sensitive data. An attacker can simply provide a valid ticket ID to view the complete content of any support ticket, regardless of authentication status. This includes customer names, email addresses, support requests, and any internal communications related to the ticket. The blast radius extends to any customer who has submitted a support ticket through the affected plugin. This vulnerability could lead to reputational damage, regulatory fines (e.g., GDPR), and potential legal action if customer data is compromised.
利用背景翻译中…
As of the publication date, there is no public evidence of CVE-2025-14033 being actively exploited in the wild. The vulnerability is not listed on KEV or EPSS. The CVSS score of 5.3 indicates a medium probability of exploitation. Monitor WordPress security forums and vulnerability databases for any updates regarding exploitation attempts.
威胁情报
漏洞利用状态
EPSS
0.05% (14% 百分位)
CISA SSVC
CVSS 向量
这些指标意味着什么?
- Attack Vector
- 网络 — 可通过互联网远程利用,无需物理或本地访问。攻击面最大。
- Attack Complexity
- 低 — 无需特殊条件,可以稳定地利用漏洞。
- Privileges Required
- 无 — 无需认证,无需凭证即可利用。
- User Interaction
- 无 — 攻击自动且无声,受害者无需任何操作。
- Scope
- 未改变 — 影响仅限于脆弱组件本身。
- Confidentiality
- 低 — 可访问部分数据。
- Integrity
- 无 — 无完整性影响。
- Availability
- 无 — 无可用性影响。
受影响的软件
弱点分类 (CWE)
时间线
- 已保留
- 发布日期
- 修改日期
- EPSS 更新日期
缓解措施和替代方案翻译中…
The primary mitigation for CVE-2025-14033 is to immediately upgrade the ilGhera Support System for WooCommerce plugin to version 1.3.1 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider temporarily disabling the plugin to prevent unauthorized access. While a direct workaround is not available, carefully review all plugin configurations and ensure that access controls are as restrictive as possible. After upgrading, verify the fix by attempting to access a support ticket without authentication; access should be denied.
修复方法
更新至 1.3.1 版本,或更新的修复版本
常见问题翻译中…
What is CVE-2025-14033 — Unauthorized Access in ilGhera Support System?
CVE-2025-14033 is a medium-severity vulnerability in the ilGhera Support System for WooCommerce plugin for WordPress. It allows unauthenticated attackers to view support ticket content, potentially exposing sensitive customer data.
Am I affected by CVE-2025-14033 in ilGhera Support System?
You are affected if your WordPress site uses the ilGhera Support System for WooCommerce plugin in versions 0 through 1.3.0. Upgrade to 1.3.1 or later to mitigate the risk.
How do I fix CVE-2025-14033 in ilGhera Support System?
Upgrade the ilGhera Support System for WooCommerce plugin to version 1.3.1 or later. If immediate upgrade is not possible, temporarily disable the plugin.
Is CVE-2025-14033 being actively exploited?
There is currently no public evidence of CVE-2025-14033 being actively exploited, but the medium CVSS score suggests a potential risk.
Where can I find the official ilGhera Support System advisory for CVE-2025-14033?
Refer to the official ilGhera Support System website and WordPress plugin repository for updates and advisories related to CVE-2025-14033.
检测此 CVE 是否影响你的项目
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。
立即扫描您的WordPress项目 — 无需账户
上传任何清单文件 (composer.lock, package-lock.json, WordPress 插件列表…) 或粘贴您的组件列表。您立即获得一份漏洞报告。上传文件只是开始:拥有账户后,您将获得持续监控、Slack/电子邮件警报、多项目和白标报告。
拖放您的依赖文件
composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...