CVE-2024-8632

MEDIUM

WordPress KB Support Plugin <= 1.6.6 - Unauthenticated Data Access/Modification

Title source: llm

Description

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.

Scores

CVSS v3 6.5
EPSS 0.0028
EPSS Percentile 19.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
logon/kb_support < 1.6.7
logoninc/KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin < 1.6.6
Published Oct 01, 2024
Tracked Since Feb 18, 2026