CVE-2025-5957

The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete arbitrary support tickets.
Configurations

No configuration.

History

08 Jul 2025, 16:18

Type Values Removed Values Added
Summary
  • (es) El complemento Guest Support – Complete customer support ticket system for WordPress para WordPress es vulnerable a la pérdida no autorizada de datos debido a la falta de comprobación de la función "deleteMassTickets" en todas las versiones hasta la 1.2.2 incluida. Esto permite que atacantes no autenticados eliminen tickets de soporte arbitrarios.

08 Jul 2025, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-08 05:15

Updated : 2025-07-08 16:18


NVD link : CVE-2025-5957

Mitre link : CVE-2025-5957

CVE.ORG link : CVE-2025-5957


JSON object : View

Products Affected

No product.

CWE
CWE-862

Missing Authorization