CVE-2023-25997
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Guideline Violation), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
Missing authorization in Sola Support Ticket plugin (≤3.17) allows attackers to exploit incorrectly configured access controls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Sola Support Ticket plugin for WordPress (versions through 3.17) contains a Missing Authorization vulnerability [1]. The plugin fails to properly enforce access control checks on certain endpoints, allowing unauthorized actions. The plugin has been closed and removed from the WordPress.org plugin directory as of December 3, 2025, due to a Guideline Violation [1].
Exploitation
An attacker with network access to a WordPress site running the vulnerable plugin can send crafted HTTP requests to bypass authorization checks. No authentication is required if the vulnerable endpoints are exposed to unauthenticated users. The exact sequence of steps depends on the specific missing authorization, but typically involves manipulating parameters or accessing administrative functions directly.
Impact
Successful exploitation allows an attacker to perform actions that should require higher privileges, such as viewing or modifying support tickets, accessing sensitive data, or altering plugin settings. The impact is limited to the scope of the plugin's functionality, but could lead to information disclosure or privilege escalation within the WordPress environment.
Mitigation
No patched version is available because the plugin has been closed and removed from the WordPress.org directory [1]. Users who have the plugin installed should uninstall it immediately and seek alternative support ticket solutions. There is no known workaround for the vulnerability.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2 affected products:
- (no CPE), range: <=3.17
- (no CPE), range: <=3.17
Patches: 0
sola-support-tickets: This plugin has been removed from the WordPress.org directory on 2025-12-03 (reason: Guideline Violation). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.
Source: api.wordpress.org · directory page
References: 1
News mentions: 0