CVE-2024-8548

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants.

CVSS

No CVSS.

References

Link	Resource
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L138	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L172	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L211	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L240	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L458	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L531	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L580	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L605	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L630	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L649	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L801	Product
https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L869	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:logon:kb_support:*:*:*:*:*:wordpress:*:*

History

10 Feb 2025, 16:02

Type	Values Removed	Values Added
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L172 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L172 - Product
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L649 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L649 - Product
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L240 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L240 - Product
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L801 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L801 - Product
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L580 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L580 - Product
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=cve - Third Party Advisory
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L458 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L458 - Product
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L211 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L211 - Product
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L605 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L605 - Product
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L138 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L138 - Product
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L630 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L630 - Product
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L869 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L869 - Product
References	~~() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L531 -~~	() https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L531 - Product
CWE	~~CWE-862~~
First Time		Logon kb Support Logon
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : unknown
CPE		cpe:2.3:a:logon:kb_support::::::wordpress::*

01 Oct 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-01 08:15

Updated : 2025-02-10 16:02

NVD link : CVE-2024-8548

Mitre link : CVE-2024-8548

JSON object : View

Products Affected

logon

kb_support

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L138", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L138", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L172", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L172", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L211", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L211", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L240", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L240", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L458", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L458", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L531", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L531", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L580", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L580", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L605", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L605", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L630", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L630", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L649", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L649", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L801", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L801", "tags": ["Product"], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L869", "name": "https://plugins.trac.wordpress.org/browser/kb-support/trunk/includes/ajax-functions.php#L869", "tags": ["Product"], "refsource": ""}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=cve", "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=cve", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The KB Support \u2013 WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-8548", "ASSIGNER": "cve-request@wordfence.com"}}, "impact": {}, "publishedDate": "2024-10-01T08:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:logon:kb_support:*:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.6.7"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-02-10T16:02Z"}