4 matches found
CVE-2023-1125 Ruby Help Desk < 1.3.4 - Subscriber+ Ticket Update via IDOR
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own...
CVE-2023-1125 Ruby Help Desk < 1.3.4 - Subscriber+ Ticket Update via IDOR
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own...
CVE-2023-1125
The CVE-2023-1125 entry concerns the Ruby Help Desk WordPress plugin (versions prior to 1.3.4). The vulnerability is an insecure direct object reference (IDOR) that fails to validate ticket ownership, enabling a subscriber to close tickets or attach files/replies to tickets that do not belong to ...
WordPress Ruby Help Desk Plugin < 1.3.4 is vulnerable to Insecure Direct Object References (IDOR)
Software Ruby Help Desk Type Plugin Vulnerable versions 1.3.4 Fixed in 1.3.4 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-1125 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4bb70b90c759 Credits Ameen Alkurdy...