Missing Authorization Vulnerability in Sola Support Ticket Plugin by SolaPlugins
CVE-2023-25997

6.5MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
6 June 2025

What is CVE-2023-25997?

A vulnerability exists in the Sola Support Ticket plugin developed by SolaPlugins, linked to the improper configuration of access control security levels. This missing authorization issue allows attackers to exploit the system, potentially leading to unauthorized actions that compromise the security of the application. Users utilizing versions from n/a through 3.17 are at risk, emphasizing the need for immediate updates to mitigate potential breaches.

Affected Version(s)

Sola Support Ticket <= 3.17

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lucky_buddy (Patchstack Alliance)
.
CVE-2023-25997 : Missing Authorization Vulnerability in Sola Support Ticket Plugin by SolaPlugins