CVE-2025-69179
Deferred Deferred - Pending Action
Unauthenticated Privilege Escalation in Support Ticket Management System

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2025-69179
EUVD
EUVD-2025-210237
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack support_ticket_management_system_plugin to 1.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The WordPress Support Ticket Management System Plugin, versions 1.9 and below, contains a high-priority privilege escalation vulnerability identified as CVE-2025-69179.

This vulnerability allows unauthenticated attackers to escalate their privileges from low-level accounts to higher levels, potentially gaining full control over the affected website.

It is classified under the OWASP Top 10 category A7, which relates to Identification and Authentication Failures.

Impact Analysis

This vulnerability can have severe impacts as it allows attackers without any authentication to escalate their privileges and potentially take full control of your website.

Such control could lead to unauthorized access to sensitive data, modification or deletion of content, disruption of services, and further exploitation of the compromised system.

Given its high CVSS score of 9.8, it is considered highly dangerous and likely to be exploited in widespread attacks.

Mitigation Strategies

Immediate action is advised to mitigate the vulnerability in the WordPress Support Ticket Management System Plugin versions 1.9 and below.

  • Update the plugin to a newer version if available.
  • Apply the mitigation rule issued by Patchstack to block attacks until an official fix is released.
  • Seek assistance from your hosting provider or a developer to implement protective measures.
Compliance Impact

This vulnerability allows unauthenticated attackers to escalate privileges and potentially gain full control of the website, which can lead to unauthorized access to sensitive data.

Such unauthorized access and control can result in violations of common standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality, integrity, and access.

Because the vulnerability falls under OWASP Top 10 category A7 (Identification and Authentication Failures), it highlights weaknesses in authentication mechanisms that are critical for regulatory compliance.

Therefore, exploitation of this vulnerability could lead to non-compliance with these regulations due to potential data breaches and failure to protect personal or health information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69179. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart