CVE-2024-13568

Name of the Vulnerable Software and Affected Versions The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress versions up to, and including, 1.8.5

Description The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory, which can contain file attachments included in support tickets.

Recommendations For versions up to, and including, 1.8.5, update to a version later than 1.8.5 to resolve the issue. As a temporary workaround, consider restricting access to the /wp-content/uploads/fluent-support directory to minimize the risk of exploitation.