cleantalk
Vulnerabilities and Security Researches

KB Support – WordPress Help Desk and Knowledge Base, CVE-2024-8548

CVE, Research URL

CVE-2024-8548

Home page URL

Security reports for KB Support – WordPress Help Desk and Knowledge Base

Application

KB Support – WordPress Help Desk and Knowledge Base

Published on
Oct 01, 2024
Research Description
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants.
Affected versions
Min -, max 1.6.6.
Status
vulnerable
Previous vulnerability researches
KB Support – WordPress Help Desk and Knowledge Base (CVE-2023-25983) , Jun 07, 2024
KB Support – WordPress Help Desk and Knowledge Base (CVE-2023-37890) , Jun 07, 2024
KB Support – WordPress Help Desk and Knowledge Base (CVE-2024-33589) , Jun 07, 2024
KB Support – WordPress Help Desk and Knowledge Base (CVE-2022-27852) , Jun 07, 2024
KB Support – WordPress Help Desk and Knowledge Base (CVE-2024-8632) , Oct 02, 2024
New vulnerability
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3487) , Apr 18, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3479) , Apr 18, 2025
WPAdverts – Classifieds Plugin (CVE-2025-39576) , Apr 18, 2025
Checkout Files Upload for WooCommerce (CVE-2025-39520) , Apr 18, 2025
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2025-3453) , Apr 18, 2025