FKIE_CVE-2024-8548

Vulnerability from fkie_nvd - Published: 2024-10-01 08:15 - Updated: 2025-02-10 16:02
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants.
References
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L138Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L172Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L211Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L240Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L458Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L531Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L580Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L605Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L630Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L649Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L801Product
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L869Product
security@wordfence.comhttps://www.wordfence.com/threat-intel/vulnerabilities/id/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=cveThird Party Advisory
Impacted products
Vendor Product Version
logon kb_support *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:logon:kb_support:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F06B31A8-A9A0-4669-A306-4346472C6D8A",
              "versionEndExcluding": "1.6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The KB Support \u2013 WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants."
    },
    {
      "lang": "es",
      "value": "El complemento KB Support \u2013 WordPress Help Desk and Knowledge Base para WordPress es vulnerable a modificaciones no autorizadas y p\u00e9rdida de datos debido a la falta de comprobaci\u00f3n de capacidad en varias funciones en todas las versiones hasta la 1.6.6 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, realicen m\u00faltiples acciones administrativas, como responder a tickets arbitrarios, actualizar el estado de cualquier publicaci\u00f3n, eliminar cualquier publicaci\u00f3n, agregar notas a tickets, marcar o desmarcar tickets y agregar o eliminar participantes de tickets."
    }
  ],
  "id": "CVE-2024-8548",
  "lastModified": "2025-02-10T16:02:02.883",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "security@wordfence.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-01T08:15:03.400",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L138"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L172"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L211"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L240"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L458"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L531"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L580"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L605"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L630"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L649"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L801"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L869"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.