CVE-2025-14034
Unauthorized Modification in ilGhera WooCommerce Plugin via Missing Capability Check

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: Wordfence

Description
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and 'change_ticket_status_callback' functions in all versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary support tickets and modify their status.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-01-06
EPSS Evaluated: 2026-05-05
External entries: NVD, EUVD
Affected Vendors & Products
Vendor: unknown_vendor
Product: wc_support_system
Version / Range: 1.2.6 (the single associated CPE; per the description, every earlier version is affected as well)
CWE
CWE-862 (Missing Authorization): The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the ilGhera Support System for WooCommerce WordPress plugin (all versions up to and including 1.2.6): the functions 'delete_single_ticket_callback' and 'change_ticket_status_callback' do not check the caller's capability before acting on a ticket. In WordPress, any logged-in user can send a request to admin-ajax.php, and a handler registered on a wp_ajax_{action} hook runs for every authenticated user regardless of role, so authorization has to happen inside the callback itself. Because that check is missing, authenticated users with Subscriber-level access or higher can delete arbitrary support tickets and modify their status. This is the CWE-862 (Missing Authorization) pattern.
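The shape of the bug and of its fix, as an added illustration for this page (it is not the ilGhera plugin's source, and the plugin's real handlers may look different): a ticket-deletion AJAX callback that never asks who is calling, beside hardened versions of both callbacks. The table name 'wss_tickets', the nonce action 'wss_ticket_nonce', the 'manage_woocommerce' capability and all function names are assumptions for illustration; the AJAX action names are the ones this page reports from its resources.

```php
<?php
// Added illustration for CVE-2025-14034, not the ilGhera plugin's code.
// Assumed for illustration: the 'wss_tickets' table, the 'wss_ticket_nonce'
// nonce action, the 'manage_woocommerce' capability and the function names.
// The AJAX action names are the ones this page reports from its resources.

// --- The vulnerable shape (CWE-862) -----------------------------------------
// Reaching a wp_ajax_{action} handler only proves the caller is logged in.
// Nothing here asks whether that user may delete tickets, so a Subscriber
// who posts ticket_id=123 deletes ticket 123.
function insecure_delete_single_ticket_callback() {
    global $wpdb;
    $ticket_id = absint( $_POST['ticket_id'] ?? 0 );
    $wpdb->delete( $wpdb->prefix . 'wss_tickets', array( 'id' => $ticket_id ), array( '%d' ) );
    wp_send_json_success();
}
// Deliberately not registered: shown only as the "before" picture.

// --- Hardened callbacks ------------------------------------------------------
// Shared guard: nonce first (CSRF), then capability (authorization).
// The nonce alone is not enough: any logged-in user can read a nonce out of
// a page the plugin renders for them, so it proves nothing about privilege.
function wss_example_require_ticket_manager() {
    check_ajax_referer( 'wss_ticket_nonce', 'nonce' );               // dies on failure
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // ends with wp_die()
    }
}

function hardened_delete_single_ticket_callback() {
    wss_example_require_ticket_manager();
    $ticket_id = absint( $_POST['ticket_id'] ?? 0 );
    if ( 0 === $ticket_id ) {
        wp_send_json_error( array( 'message' => 'missing ticket_id' ), 400 );
    }
    global $wpdb;
    $rows = $wpdb->delete( $wpdb->prefix . 'wss_tickets', array( 'id' => $ticket_id ), array( '%d' ) );
    if ( false === $rows ) {
        wp_send_json_error( array( 'message' => 'database error' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => (int) $rows ) );
}

function hardened_change_ticket_status_callback() {
    wss_example_require_ticket_manager();
    $ticket_id = absint( $_POST['ticket_id'] ?? 0 );
    $status    = sanitize_key( $_POST['status'] ?? '' );
    // Allow-list the new status instead of storing whatever was posted.
    $allowed = array( 'open', 'pending', 'closed' );
    if ( 0 === $ticket_id || ! in_array( $status, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'bad request' ), 400 );
    }
    global $wpdb;
    $rows = $wpdb->update(
        $wpdb->prefix . 'wss_tickets',
        array( 'status' => $status ),
        array( 'id' => $ticket_id ),
        array( '%s' ),
        array( '%d' )
    );
    if ( false === $rows ) {
        wp_send_json_error( array( 'message' => 'database error' ), 500 );
    }
    wp_send_json_success( array( 'updated' => (int) $rows ) );
}

add_action( 'wp_ajax_wss-delete-single-ticket', 'hardened_delete_single_ticket_callback' );
add_action( 'wp_ajax_wss-change-ticket-status', 'hardened_change_ticket_status_callback' );
// No wp_ajax_nopriv_ registration: anonymous visitors never reach these
// handlers at all.
```

If the product legitimately lets a customer close their own ticket, the capability check alone is too coarse: the callback must then also load the ticket and compare its owner with get_current_user_id() before allowing a lower-privileged caller through, otherwise one customer can close another customer's ticket.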


How can this vulnerability impact me?

The vulnerability allows attackers with low-level authenticated access (Subscriber or above) to delete support tickets and change their status arbitrarily. Any account on the site suffices, and on a WooCommerce store that lets customers register, such an account is available to anyone, so the prerequisite is easily met. The result is unauthorized modification and loss of support ticket data, which can disrupt customer support operations and destroy records of user or product issues.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves unauthorized modification of support tickets via missing capability checks in the AJAX callbacks 'delete_single_ticket_callback' and 'change_ticket_status_callback' in the WC Support System plugin, versions up to and including 1.2.6. The cited resources report that the plugin registers these callbacks under the AJAX actions 'wss-delete-single-ticket' and 'wss-change-ticket-status'; confirm the names against the installed plugin's source, since the CVE description itself names only the callback functions. Detection then means looking for requests to admin-ajax.php that carry those actions from accounts that have no business managing tickets. Example approaches:

1) Web server access logs. A grep matches only when the action travels in the query string, e.g. grep 'action=wss-delete-single-ticket' /path/to/access.log and grep 'action=wss-change-ticket-status' /path/to/access.log. admin-ajax.php requests normally carry the action in the POST body, which the default access log formats do not record, so an absence of hits is not evidence that nothing happened.

2) Network capture. tcpdump or Wireshark on the web tier (before TLS termination, or on a plaintext reverse-proxy to backend hop) can filter HTTP POST requests to admin-ajax.php whose body contains those action values; a WAF or reverse proxy that logs request bodies gives the same visibility without packet capture.

3) Application-side evidence. Compare the plugin's ticket records against backups for tickets that disappeared or changed status without a matching staff action, and review recently created Subscriber-level accounts (for example with WP-CLI: wp user list --role=subscriber --fields=ID,user_login,user_registered), since an attacker needs such an account to reach the vulnerable callbacks.

No specific detection commands are provided in the resources. [2, 4]


What immediate steps should I take to mitigate this vulnerability?

Update the WC Support System plugin to the patched release; the description covers all versions up to and including 1.2.6, so anything at or below that number is vulnerable. If an update cannot be applied immediately: (a) shrink the pool of potential attackers by disabling open registration (Settings > General > "Anyone can register") where the store does not need self-service accounts and by removing unused Subscriber-level accounts, since the flaw is reachable by any logged-in user and Subscriber is already the least-privileged default role, so trimming its capabilities further does not close the hole; (b) monitor and audit support ticket deletions and status changes; (c) consider deactivating the plugin temporarily if exploitation is suspected. The proper fix belongs in the plugin code: each of these AJAX callbacks must verify a capability with current_user_can() before acting on the ticket, because a nonce check alone only defends against CSRF and does not stop a logged-in low-privilege user who can obtain a valid nonce. [2, 4]
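A stop-gap for sites that cannot update yet, as an added illustration that is not code from ilGhera or Wordfence: a must-use plugin that hooks the two affected AJAX actions at an earlier priority than the plugin's own handlers, blocks any caller who lacks the required capability, and writes an audit line for each blocked attempt (covering the "monitor and audit" advice above, and the fact noted under detection that admin-ajax POST bodies never reach the access log). It assumes the action names this page reports from its resources (verify them in the installed plugin's source) and treats 'manage_woocommerce' as the capability that legitimately manages tickets; both are assumptions, as are the function names.

```php
<?php
/**
 * Plugin Name: Stop-gap guard for CVE-2025-14034
 * Description: Added illustration for this page, not code from ilGhera or
 *   Wordfence. Intercepts the affected AJAX actions before the plugin's own
 *   callbacks run, blocks callers without the required capability and logs
 *   the attempt. Place in wp-content/mu-plugins/ and remove once the plugin
 *   is updated.
 *
 * Assumptions: the action names are the ones this page reports from its
 * resources (confirm them in the installed plugin's source), and
 * 'manage_woocommerce' is the capability that legitimately manages tickets.
 */

function cve_2025_14034_guarded_actions() {
    return array( 'wss-delete-single-ticket', 'wss-change-ticket-status' );
}

function cve_2025_14034_required_capability() {
    return 'manage_woocommerce';
}

function cve_2025_14034_guard() {
    if ( current_user_can( cve_2025_14034_required_capability() ) ) {
        return; // authorized: fall through to the plugin's own handler
    }

    $user   = wp_get_current_user();
    $action = isset( $_REQUEST['action'] )
        ? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) )
        : '';
    $ip     = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-';

    // admin-ajax.php requests carry the action in the POST body, which the
    // web server access log does not record, so the audit trail is written
    // here, where the action, the user and the role are all known.
    error_log( sprintf(
        'CVE-2025-14034 guard: blocked action=%s user_id=%d login=%s roles=%s ip=%s ticket_id=%s',
        $action,
        $user->ID,
        $user->user_login,
        implode( ',', (array) $user->roles ),
        $ip,
        isset( $_REQUEST['ticket_id'] ) ? absint( $_REQUEST['ticket_id'] ) : '-'
    ) );

    // wp_send_json_error() ends the request with wp_die(), so the vulnerable
    // callback registered at the default priority never executes.
    wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
}

foreach ( cve_2025_14034_guarded_actions() as $ajax_action ) {
    // Priority 1 fires before the plugin's callback (default priority 10).
    // Only the authenticated wp_ajax_ hook is needed: the advisory requires a
    // logged-in user, and admin-ajax.php never runs wp_ajax_nopriv_ for one.
    add_action( 'wp_ajax_' . $ajax_action, 'cve_2025_14034_guard', 1 );
}
```

Watch the log (WP_DEBUG_LOG or the PHP error_log destination) for the "CVE-2025-14034 guard" lines: a burst of them from one newly registered account is the exploitation signal the access-log grep cannot give you. The guard is intentionally stricter than the plugin may be; if support staff use a custom role, grant that role the assumed capability or change cve_2025_14034_required_capability() accordingly rather than loosening the check.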


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows authenticated users with Subscriber-level access and above to delete arbitrary support tickets and modify their status without proper authorization. This unauthorized modification and potential loss of support ticket data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require maintaining the integrity and availability of personal and sensitive data. Specifically, the risk of data loss or unauthorized changes to user support tickets may violate requirements for data accuracy, integrity, and auditability under these standards.

