CVE-2025-14033 MEDIUM

CVE-2025-14033: ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure

Vendor Ghera74

Product ilGhera Support System for WooCommerce

Weakness CWE-639 · IDOR

Published May 13, 2026

Last update May 13, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any support ticket content, including sensitive customer information and private communications, by providing a ticket ID.

Key dates

Disclosure timeline

May 13, 2026 CVE published

May 13, 2026 Record updated

Identifiers

CVE CVE-2025-14033

CWE CWE-639

CVSS 5.3 / MEDIUM

Affected versions

Vendor Ghera74

Product ilGhera Support System for WooCommerce

Affected ≤ 1.3.0