Lucene search
+L
SchioccoSupport Board

6 matches found

CVE
CVE
added 2022/02/28 9:6 a.m.96 views

CVE-2021-24823

The CVE-2021-24823 entry concerns the WordPress Support Board plugin prior to version 3.3.6. The issue is that actions handled by include/ajax.php lack CSRF checks, allowing an attacker to trigger actions as an authenticated user, e.g., an admin deleting arbitrary files. Connected sources (Red Ha...

8.1CVSS8AI score0.00542EPSS
Web
CVE
CVE
added 2021/11/08 5:35 p.m.53 views

CVE-2021-24807

The vulnerability is CVE-2021-24807 affecting the WordPress Support Board plugin (versions before 3.3.5). It allows Authenticated (Agent+) users to perform Stored Cross-Site Scripting by placing a payload in the notes field; when an administrator or any authenticated user opens the chat, the XSS ...

5.4CVSS5.1AI score0.01395EPSS
Web
CVE
CVE
added 2025/07/08 11:22 p.m.49 views

CVE-2025-4855

CVE-2025-4855 concerns the WordPress plugin Support Board. Multiple sources confirm a vulnerability in all versions up to 3.8.0 where hardcoded default secrets in sb_encryption() enable unauthenticated bypass of authorization and the execution of arbitrary AJAX actions via sb_ajax_execute(). This...

9.8CVSS7.1AI score0.00338EPSS
CVE
CVE
added 2025/07/08 11:22 p.m.48 views

CVE-2025-4828

The CVE-2025-4828 entry concerns the WordPress Support Board plugin, where arbitrary file deletion is possible due to insufficient file path validation in sb_file_delete across all versions up to 3.8.0. This can lead to remote code execution when critical files (e.g., wp-config.php) are deleted. ...

9.8CVSS7.3AI score0.00832EPSS
CVE
CVE
added 2026/03/25 1:31 p.m.14 views

CVE-2026-4816

CVE-2026-4816: A Reflected Cross Site Scripting (XSS) vulnerability exists in Support Board v3.7.7. An attacker can craft a malicious URL that injects JavaScript via the search parameter in /supportboard/include/articles.php, causing code execution in the victim’s browser and potentially exfiltra...

5.4CVSS5.8AI score0.0014EPSS
Web
CVE
CVE
added 2026/03/25 1:31 p.m.10 views

CVE-2026-4815

Support Board 3.7.7 is affected by a SQL injection vulnerability. The issue allows an attacker to retrieve, create, update, and delete data through the parameter calls[0][message_ids][] in the /supportboard/include/ajax.php endpoint. The connected CVE records confirm the affected product/version ...

8.8CVSS5.8AI score0.00244EPSS
Web