CVE-2021-24823

Name of the Vulnerable Software and Affected Versions The Support Board WordPress plugin versions prior to 3.3.6

Description The issue concerns the lack of CSRF checks in actions handled by the include/ajax.php file. This could allow attackers to make logged-in users perform unwanted actions, such as deleting arbitrary files, including the possibility of an admin deleting files.

Recommendations For versions prior to 3.3.6, update to version 3.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the include/ajax.php file until the update is applied.