WordPress JS Help Desk plugin <= 2.7.1 - Broken Access Control
CVE-2022-46840

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Js Help Desk – Best Help Desk & Support Plugin
Vendor: CVE Published:; 13 December 2024

What is CVE-2022-46840?

A missing authorization vulnerability exists in the JS Help Desk – Best Help Desk & Support Plugin, which may allow malicious users to exploit incorrectly configured access control security levels. This flaw can lead to unauthorized access to sensitive functionality within the plugin, potentially compromising the integrity and confidentiality of data. Users running versions up to 2.7.1 should assess their security configurations and take necessary steps to mitigate the risks associated with this vulnerability.

Affected Version(s)

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1

References

https://patchstack.com/database/wordpress/plugin/js-suppo...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Dec 9, 2022

Credit

RE-ALTER (Patchstack Alliance)