PT-2024-39087 · WordPress · The Kb Support – Wordpress Help Desk/Knowledge Base

Krzysztof Zając · Published 2024-10-01 · Updated 2025-02-10 · CVE-2024-8548

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress versions up to, and including, 1.6.6
Description: The plugin is missing a capability check on several functions, which allows authenticated attackers with Subscriber-level access and above to perform administrative actions. These actions include replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants.
Recommendations: For versions up to, and including, 1.6.6, update to a version higher than 1.6.6 to resolve the issue. As a temporary workaround, restrict access to the plugin's administrative functions to only those users who need it, and monitor the plugin's activity closely until the update can be applied.
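The weakness class described above, as an added illustrative example that is not the plugin's own code (all kbs_demo_* function, capability and post-type names are invented): a WordPress AJAX handler that lets any authenticated user add a note to any ticket because it never checks who is asking, beside a hardened version that adds a nonce check, a capability check and an object-level ownership check.

```php
<?php
// Hypothetical handler illustrating CWE-862 (Missing Authorization) in a WordPress plugin.
// Not the KB Support plugin's code; every kbs_demo_* identifier below is invented.

// Vulnerable pattern: wp_ajax_ hooks fire for every logged-in role, Subscriber included,
// and nothing here verifies a nonce, a capability, or ownership of the target ticket.
add_action( 'wp_ajax_kbs_demo_add_note_vuln', 'kbs_demo_add_note_vuln' );
function kbs_demo_add_note_vuln() {
    $ticket_id = absint( $_POST['ticket_id'] ?? 0 );
    $note      = sanitize_textarea_field( wp_unslash( $_POST['note'] ?? '' ) );
    wp_insert_comment( array(
        'comment_post_ID' => $ticket_id,          // any post ID the caller chooses
        'comment_content' => $note,
        'comment_type'    => 'kbs_demo_note',
        'user_id'         => get_current_user_id(),
    ) );
    wp_send_json_success();
}

// Hardened pattern: CSRF nonce, role-level capability gate, and an object-level check
// that the caller may act on this specific ticket (agent capability OR ticket author).
add_action( 'wp_ajax_kbs_demo_add_note_fixed', 'kbs_demo_add_note_fixed' );
function kbs_demo_add_note_fixed() {
    check_ajax_referer( 'kbs_demo_add_note', 'nonce' );   // dies on a missing/bad nonce

    $ticket_id = absint( $_POST['ticket_id'] ?? 0 );
    $ticket    = get_post( $ticket_id );
    if ( ! $ticket || 'kbs_demo_ticket' !== $ticket->post_type ) {
        wp_send_json_error( 'invalid ticket', 400 );       // only real tickets, not any post
    }

    $is_agent = current_user_can( 'kbs_demo_manage_tickets' );      // custom cap for staff
    $is_owner = (int) $ticket->post_author === get_current_user_id(); // ticket's own author
    if ( ! $is_agent && ! $is_owner ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $note = sanitize_textarea_field( wp_unslash( $_POST['note'] ?? '' ) );
    wp_insert_comment( array(
        'comment_post_ID' => $ticket_id,
        'comment_content' => $note,
        'comment_type'    => 'kbs_demo_note',
        'user_id'         => get_current_user_id(),
    ) );
    wp_send_json_success();
}
```

The same three checks (nonce, capability, object-level ownership) apply to each of the other actions listed in the description, such as changing a post's status or deleting a post, where the capability should be the one WordPress already defines for that operation.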

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-8548

Affected Products: The Kb Support – Wordpress Help Desk/Knowledge Base