CVE-2023-25997
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Sola Support Ticket WordPress plugin (up to version 3.17) allows a malicious user with at least Subscriber-level privileges to delete website content such as pictures, posts, or pages. It is caused by missing authorization and incorrectly configured access control security levels, classified as an Arbitrary Content Deletion vulnerability under OWASP Top 10 A1: Broken Access Control. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized deletion of website content, including pictures, posts, or pages, potentially causing data loss and disruption of website operations. Since attackers can automate exploitation, many sites using the vulnerable plugin may be compromised quickly. There is no official fix, and deactivating the plugin alone does not mitigate the risk without a virtual patch or removing the plugin entirely. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized content deletion actions performed by users with Subscriber-level privileges in the Sola Support Ticket plugin (version up to 3.17). Since exploitation allows arbitrary deletion of posts, pages, or pictures, reviewing WordPress logs for unexpected content deletions or changes by low-privilege users is recommended. Additionally, using malware scanning tools or hosting provider malware scanning services may help detect signs of compromise, although plugin-based scanners may be unreliable due to tampering. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the Sola Support Ticket plugin with a maintained alternative, as no official fix or updated version is available and the plugin is abandoned. Deactivating the plugin alone does not mitigate the risk. Applying a virtual patch (vPatch) from Patchstack can provide rapid protection against exploitation. In case of suspected compromise, seek professional incident response or hosting provider malware scanning. [1]