PT-2024-39146 · WordPress · The Kb Support – Wordpress Help Desk/Knowledge Base
Krzysztof Zając
·
Published
2024-10-01
·
Updated
2025-02-10
·
CVE-2024-8632
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress versions up to, and including, 1.6.6
Description:
The issue allows unauthorized access and modification of data due to a missing capability check on the
kbs ajax load front end replies and kbs ajax mark reply as read functions. This makes it possible for unauthenticated attackers to read replies of any ticket and mark any reply as read.Recommendations:
For versions up to, and including, 1.6.6, update to a version that includes a fix for the missing capability check on the
kbs ajax load front end replies and kbs ajax mark reply as read functions.
As a temporary workaround, consider disabling the kbs ajax load front end replies and kbs ajax mark reply as read functions until a patch is available.Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Kb Support – Wordpress Help Desk/Knowledge Base