Unauthorized Access to Replies in WordPress Help Desk and Knowledge Base Plugin

CVE-2024-8632

6.5MEDIUM

Key Information

Vendor: Cagdasdag
Status: Kb Support – WordPress Help Desk And Knowledge Base
Vendor: CVE Published:; 1 October 2024

Summary

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.

Affected Version(s)

KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 1, 2024
Disclosed
Sep 30, 2024
Vulnerability Reserved.
Sep 9, 2024

Collectors

NVD DatabaseMitre Database

Credit

Krzysztof Zając