6.5
CVE-2024-8632
- EPSS 0.48%
- Veröffentlicht 01.10.2024 08:15:03
- Zuletzt bearbeitet 10.02.2025 16:00:58
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginKB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.
Mögliche Gegenmaßnahme
KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin: Update to version 1.6.7, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin
Version
*-1.6.6
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Logon ≫ Kb Support SwPlatformwordpress Version < 1.6.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.647 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.