CVE-2024-13600

CVE-2024-13600 concerns Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin for WordPress (affected: ≤1.0.5). An unauthenticated attacker can access sensitive data stored in the majesticsupportdata directory under /wp-content/uploads/majesticsupportdata, potentially including ...

CVE-2024-13601 Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes i...

CVE-2022-2039

The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupportisettings function found in the /livesupporti.php file. This makes it possible for unauthenticated attacke...

CVE-2024-0594

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpasgetusers action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

WordPress plugin Nirweb support 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress Nirweb support plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani Patchstack Alliance in WordPress Plugin Nirweb support versions = 3.0.3...

CVE-2025-24741 WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7...

CVE-2025-24741 WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in LOGON KB Support kb-support.This issue affects KB Support: from n/a through = 1.6.7...

CVE-2025-22298 WordPress Hive Support plugin <= 1.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through = 1.1.6...

WordPress Hive Support plugin <= 1.1.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Hive Support versions = 1.1.6...

CVE-2024-54289 WordPress Awesome Support plugin <= 6.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through = 6.3.1...

CVE-2024-54274 WordPress Octrace Support plugin <= 1.2.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Octrace WordPress HelpDesk & Support Ticket System Plugin – Octrace Support octrace-support allows Reflected XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace...

WordPress Hive Support plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by hunter85 Patchstack Alliance in WordPress Plugin Hive Support versions = 1.1.2...

WordPress Octrace Support plugin <= 1.2.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by hunter85 Patchstack Alliance in WordPress Plugin WordPress HelpDesk & Support Ticket System Plugin – Octrace Support versions = 1.2.7...

CVE-2023-49757 WordPress Awesome Support plugin <= 6.1.10 - Broken Access Control + CSRF vulnerability

Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through = 6.1.10...

WordPress plugin Fluent Support SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability...

CVE-2024-44011

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ExpressTech Systems WP Ticket Ultra Help Desk & Support Plugin wp-ticket-ultra allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through = 1.0.5...

CVE-2024-44011

CVE-2024-44011 describes a Local File Inclusion (path traversal) vulnerability in the WordPress plugin “WP Ticket Ultra Help Desk & Support Plugin” (affected:

CVE-2024-8632

The WordPress KB Support plugin (KB Support – WordPress Help Desk and Knowledge Base) is vulnerable due to a missing capability check on kbs_ajax_load_front_end_replies and kbs_ajax_mark_reply_as_read. Affected versions: all up to 1.6.6. The issue allows unauthenticated attackers to read replies ...

WordPress KB Support plugin <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure vulnerability

Missing Authorization to Unauthenticated Ticket Reply Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin KB Support versions = 1.6.6...