WordPress KB Support Plugin <= 1.5.88 is vulnerable to Broken Access Control
CVE-2023-37890

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: KB Support – WordPress Help Desk and Knowledge Base
Vendor: CVE Published:; 30 November 2023

Summary

Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.

Affected Version(s)

KB Support – WordPress Help Desk and Knowledge Base <= 1.5.88

References

https://patchstack.com/database/vulnerability/kb-support/...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Jul 10, 2023

Credit

Rafshanzani Suhada (Patchstack Alliance)