CVE-2023-1125

MEDIUM

Ruby Help Desk WordPress Plugin < 1.3.4 - Authorization Bypass via Ticket Modification

Title source: llm

Description

The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own.

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/e8a4b6ab-47f8-495d-a22c-dcf914dfb58c

Scores

CVSS v3 6.5

EPSS 0.0056

EPSS Percentile 42.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (1)

wpruby/ruby_help_desk < 1.3.4

Published May 02, 2023

Tracked Since Feb 18, 2026