CVE-2024-13607 (GCVE-0-2024-13607)

Vulnerability from cvelistv5 – Published: 2025-02-04 06:41 – Updated: 2025-02-04 15:43
VLAI?
Summary
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
rabilal JS Help Desk – The Ultimate Help Desk & Support Plugin Affected: * , ≤ 2.8.8 (semver)
Create a notification for this product.
Credits
Tim Coen
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13607",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T15:43:04.647636Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T15:43:09.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "JS Help Desk \u2013 The Ultimate Help Desk \u0026 Support Plugin",
          "vendor": "rabilal",
          "versions": [
            {
              "lessThanOrEqual": "2.8.8",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tim Coen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The JS Help Desk \u2013 The Ultimate Help Desk \u0026 Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the \u0027exportusereraserequest\u0027 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T06:41:53.947Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3f57fbbc-ed5a-4452-bd8a-6fc0a4536d76?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.8/modules/gdpr/controller.php#L110"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3230977/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-03T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "JS Help Desk \u2013 The Ultimate Help Desk \u0026 Support Plugin \u003c= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-13607",
    "datePublished": "2025-02-04T06:41:53.947Z",
    "dateReserved": "2025-01-21T20:09:50.331Z",
    "dateUpdated": "2025-02-04T15:43:09.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-13607\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2025-02-04T07:15:12.973\",\"lastModified\":\"2025-02-04T07:15:12.973\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The JS Help Desk \u2013 The Ultimate Help Desk \u0026 Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the \u0027exportusereraserequest\u0027 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.\"},{\"lang\":\"es\",\"value\":\"El complemento JS Help Desk \u2013 The Ultimate Help Desk \u0026amp; Support Plugin para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta incluida, 2.8.8 a trav\u00e9s de \u0027exportusereraserequest\u0027 debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite que atacantes autenticados, con permisos de nivel de suscriptor y superiores, exporten datos de tickets para cualquier usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"references\":[{\"url\":\"https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.8/modules/gdpr/controller.php#L110\",\"source\":\"security@wordfence.com\"},{\"url\":\"https://plugins.trac.wordpress.org/changeset/3230977/\",\"source\":\"security@wordfence.com\"},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/3f57fbbc-ed5a-4452-bd8a-6fc0a4536d76?source=cve\",\"source\":\"security@wordfence.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-13607\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T15:43:04.647636Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T15:42:54.917Z\"}}], \"cna\": {\"title\": \"JS Help Desk \\u2013 The Ultimate Help Desk \u0026 Support Plugin \u003c= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Tim Coen\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"rabilal\", \"product\": \"JS Help Desk \\u2013 The Ultimate Help Desk \u0026 Support Plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.8.8\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-02-03T00:00:00.000+00:00\", \"value\": \"Disclosed\"}], \"references\": [{\"url\": \"https://www.wordfence.com/threat-intel/vulnerabilities/id/3f57fbbc-ed5a-4452-bd8a-6fc0a4536d76?source=cve\"}, {\"url\": \"https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.8/modules/gdpr/controller.php#L110\"}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/3230977/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The JS Help Desk \\u2013 The Ultimate Help Desk \u0026 Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the \u0027exportusereraserequest\u0027 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-639\", \"description\": \"CWE-639 Authorization Bypass Through User-Controlled Key\"}]}], \"providerMetadata\": {\"orgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"shortName\": \"Wordfence\", \"dateUpdated\": \"2025-02-04T06:41:53.947Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-13607\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-04T15:43:09.510Z\", \"dateReserved\": \"2025-01-21T20:09:50.331Z\", \"assignerOrgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"datePublished\": \"2025-02-04T06:41:53.947Z\", \"assignerShortName\": \"Wordfence\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.