2024-10-01 07:30:13
Wordfence
PUBLISHED
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the kbs_ajax_load_front_end_replies and kbs_ajax_mark_reply_as_read functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.