CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/13 5:29 a.m.•5 views

CVE-2025-14033

Vulnrichment•added 2026/05/13 5:29 a.m.•5 views

Exploits0References7

CVE-2025-14033 ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure

CVE•added 2026/05/13 5:29 a.m.•5 views

CVE-2025-14033

CVE-2025-14033 affects the WordPress plugin “ilGhera Support System for WooCommerce” (woocommerce integration) with versions up to and including 1.3.0. The vulnerability is a missing capability check in get_ticket_content_callback, allowing unauthenticated attackers to read any support ticket con...

EUVD•added 2026/05/13 5:29 a.m.•5 views

EUVD-2025-209822

CNNVD•added 2026/05/13 12:0 a.m.•4 views

WordPress plugin ilGhera Support System for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

Patchstack•added 2026/05/12 5:11 p.m.•6 views

WordPress ilGhera Support System for WooCommerce plugin <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Woocommerce Support System versions = 1.3.0...

Exploits0References1Affected Software1

EUVD•added 2026/04/08 9:31 a.m.•0 views

EUVD-2026-20251

Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through = 2.3.6...

5.9AI score0.00032EPSS

Exploits0References2

NVD•added 2026/04/08 9:16 a.m.•1 views

CVE-2026-39614

5.4CVSS0.00032EPSS

Vulnrichment•added 2026/03/20 8:25 a.m.•1 views

CVE-2026-2421 ilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter

The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient file path validation before performing a file deletion. Thi...

6.5CVSS6.5AI score0.00148EPSS

Exploits0References4

Patchstack•added 2026/03/20 2:32 a.m.•3 views

WordPress ilGhera Carta Docente for WooCommerce plugin <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Deletion via 'cert' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin ilGhera Carta Docente for WooCommerce versions = 1.5.0...

6.5CVSS5.8AI score0.00148EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/07 9:18 a.m.•4 views

CVE-2025-14034

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'deletesingleticketcallback' and 'changeticketstatuscallback' functions in all versions up to, and including, 1.2.6. This makes it...

5.3CVSS5.2AI score0.00043EPSS

NVD•added 2026/01/06 4:15 a.m.•3 views

CVE-2025-14034

5.3CVSS0.00043EPSS

Vulnrichment•added 2026/01/06 3:21 a.m.•2 views

CVE-2025-14034 ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion

5.3CVSS4.9AI score0.00043EPSS

Cvelist•added 2026/01/06 3:21 a.m.•25 views

CVE-2025-14034 ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion

5.3CVSS0.00043EPSS

CVE•added 2026/01/06 3:21 a.m.•9 views

CVE-2025-14034

The vulnerability CVE-2025-14034 affects the ilGhera Support System for WooCommerce WordPress plugin. A missing capability check in delete_single_ticket_callback and change_ticket_status_callback in all versions through 1.2.6 allows authenticated attackers with Subscriber+ privileges to delete ar...

5.3CVSS4.9AI score0.00043EPSS

CNNVD•added 2026/01/06 12:0 a.m.•2 views

WordPress plugin ilGhera Support System for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.3AI score0.00043EPSS

Positive Technologies•added 2026/01/06 12:0 a.m.•3 views

PT-2026-1402

Name of the Vulnerable Software and Affected Versions ilGhera Support System for WooCommerce plugin versions prior to 1.2.7 Description The ilGhera Support System for WooCommerce plugin for WordPress has a flaw that allows unauthorized modification and data loss. A missing capability check in the...

5.3CVSS6.2AI score0.00043EPSS

Exploits0References9

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-34512

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00061EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-46178

Malicious code in bioql PyPI...

6.5CVSS9.1AI score0.00124EPSS