CVE-2023-37890

2023-11-3016:15:09

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-37890

authorization vulnerability

wpomnia kb support

wordpress help desk

knowledge base

acls

security advisory

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.

Affected configurations

Vulners

NVD

Node

wpomniakb_support_–_wordpress_help_desk_and_knowledge_baseRange≤1.5.88

CPENameOperatorVersion
liquidweb:kb_supportliquidweb kb supportle1.5.88

CPE	Name	Operator	Version
liquidweb:kb_support	liquidweb kb support	le	1.5.88

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "kb-support",
    "product": "KB Support – WordPress Help Desk and Knowledge Base",
    "vendor": "WPOmnia",
    "versions": [
      {
        "changes": [
          {
            "at": "1.5.89",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.5.88",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve