cleantalk
Vulnerabilities and Security Researches

Majestic Support – Help Desk & Support Plugin, CVE-2024-13601

CVE, Research URL

CVE-2024-13601

Home page URL

Security reports for Majestic Support – Help Desk & Support Plugin

Application

Majestic Support – Help Desk & Support Plugin

Published on
Feb 12, 2025
Research Description
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export ticket data for any user.
Affected versions
Min -, max 1.0.6.
Status
vulnerable
Previous vulnerability researches
Majestic Support – Help Desk & Support Plugin (CVE-2024-13601) , Feb 13, 2025
Majestic Support – Help Desk & Support Plugin (CVE-2024-13600) , May 07, 2025
Majestic Support – Help Desk & Support Plugin (CVE-2025-26985) , Feb 27, 2025
New vulnerability
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025
Pods – Custom Content Types and Fields (CVE-2025-1446) , May 08, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2024-9771) , May 08, 2025
WordPress Tag and Category Manager – AI Autotagger (CVE-2025-0627) , May 08, 2025