Description
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.1.
Published: 2025-09-22
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows attackers to exploit incorrectly configured access control settings in the WordPress Helpdesk Support Ticket System for WooCommerce plugin. It enables access to protected resources—such as support ticket data—without proper access checks, potentially allowing unauthorized users to read, modify, or delete ticket information. The weakness is categorized as CWE‑862 (Missing Authorization).

Affected Systems

The affected product is WPFactory Helpdesk Support Ticket System for WooCommerce, all versions up to and including 2.1.1. No specific sub‑version breakdown is available beyond the <= 2.1.1 upper bound.

Risk and Exploitability

The CVSS v3 score of 4.3 indicates moderate severity, while the EPSS score of < 1% shows that exploitation is currently considered unlikely. The vulnerability is not listed in the CISA KEV catalog, reducing the likelihood that it is a known, actively exploited flaw. Based on the description, it is inferred that an attacker would need to access the WordPress installation—potentially via an authenticated session or by manipulating API endpoints—and exploit incorrect access control checks to reach protected ticket data.

Generated by OpenCVE AI on April 30, 2026 at 00:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of the Helpdesk Support Ticket System for WooCommerce (version 2.1.2 or later) to apply the vendor‑issued fix.
  • Review and tighten role‑based access controls within WordPress and the plugin, ensuring that only users with the necessary capabilities can view or modify support tickets.
  • Implement a security audit to verify that all administrative endpoints enforce proper authorization checks, and monitor for any unauthorized access attempts to ticket data.

Generated by OpenCVE AI on April 30, 2026 at 00:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-30657 Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through 2.0.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through 2.0.2. Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.1.
Title WordPress Helpdesk Support Ticket System for WooCommerce Plugin <= 2.0.2 - Broken Access Control Vulnerability WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.1 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Thu, 25 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Woocommerce
Woocommerce woocommerce
Wordpress
Wordpress wordpress
Wpfactory
Wpfactory helpdesk Support Ticket System
Vendors & Products Woocommerce
Woocommerce woocommerce
Wordpress
Wordpress wordpress
Wpfactory
Wpfactory helpdesk Support Ticket System

Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through 2.0.2.
Title WordPress Helpdesk Support Ticket System for WooCommerce Plugin <= 2.0.2 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Woocommerce Woocommerce
Wordpress Wordpress
Wpfactory Helpdesk Support Ticket System
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:39.645Z

Reserved: 2025-08-22T11:37:02.930Z

Link: CVE-2025-57972

cve-icon Vulnrichment

Updated: 2025-09-25T13:51:57.310Z

cve-icon NVD

Status : Deferred

Published: 2025-09-22T19:15:56.753

Modified: 2026-04-23T15:33:09.503

Link: CVE-2025-57972

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T01:00:13Z

Weaknesses