cleantalk
Vulnerabilities and Security Researches

KB Support – WordPress Help Desk and Knowledge Base, CVE-2024-8632

CVE, Research URL

CVE-2024-8632

Home page URL

Security reports for KB Support – WordPress Help Desk and Knowledge Base

Application

KB Support – WordPress Help Desk and Knowledge Base

Published on
Oct 01, 2024
Research Description
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.
Affected versions
Min -, max 1.6.6.
Status
vulnerable
Previous vulnerability researches
KB Support – WordPress Help Desk and Knowledge Base (CVE-2023-25983) , Jun 07, 2024
KB Support – WordPress Help Desk and Knowledge Base (CVE-2023-37890) , Jun 07, 2024
KB Support – WordPress Help Desk and Knowledge Base (CVE-2024-33589) , Jun 07, 2024
KB Support – WordPress Help Desk and Knowledge Base (CVE-2022-27852) , Jun 07, 2024
KB Support – WordPress Help Desk and Knowledge Base (CVE-2024-8632) , Oct 02, 2024
New vulnerability
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3487) , Apr 18, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3479) , Apr 18, 2025
WPAdverts – Classifieds Plugin (CVE-2025-39576) , Apr 18, 2025
Checkout Files Upload for WooCommerce (CVE-2025-39520) , Apr 18, 2025
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2025-3453) , Apr 18, 2025