6.5

CVE-2024-8632

KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure

KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.
Mögliche Gegenmaßnahme
KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin: Update to version 1.6.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LogonKb Support SwPlatformwordpress Version < 1.6.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin
Version *-1.6.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.195
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.wordfence.com/threat-intel/vulnerabilities/id/767b1234-5b4a-4baa-9048-7b2e413cdba5?source=cve
Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3164784%40kb-support&new=3164784%40kb-support&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/767b1234-5b4a-4baa-9048-7b2e413cdba5
Third Party Advisory