CVE-2023-25997: 
WordPress vulnerability analysis and mitigation

The CVE-2023-25997 is a Missing Authorization vulnerability affecting SolaPlugins Sola Support Ticket WordPress plugin versions through 3.17. The vulnerability was discovered and reported by security researcher luckybuddy, and was publicly disclosed on June 5, 2025 ([Patchstack](https://patchstack.com/database/wordpress/plugin/sola-support-tickets/vulnerability/wordpress-sola-support-ticket-3-17-arbitrary-content-deletion-vulnerability?s_id=cve)).

The vulnerability is classified as a Missing Authorization issue (CWE-862) that allows exploiting incorrectly configured access control security levels. It has received a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, and required low privileges (NVD).

The vulnerability enables arbitrary content deletion capabilities, allowing malicious actors to delete content from the website such as pictures, posts, or pages. The impact is particularly concerning for websites using the affected plugin versions (Patchstack).

No official fix is available for this vulnerability. The recommended mitigation strategy is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive further updates or security fixes (Patchstack).