PT-2025-6445 · Unknown · Majestic Support

Tim Coen · Published 2025-02-12 · Updated 2025-02-12 · CVE-2024-13601

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin versions 1.0.5 and earlier

Description

The issue is an Insecure Direct Object Reference (IDOR). It affects the 'exportusereraserequest' function, which is missing validation on a user-controlled key. This allows authenticated attackers with Subscriber-level access and above to export ticket data for any user.

Recommendations

For versions 1.0.5 and earlier, consider disabling the 'exportusereraserequest' function until a patch is available to prevent unauthorized data export. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the affected function for sensitive data handling until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-13601

Affected Products

Majestic Support