Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High2
Medium2
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2025-04-07

CVE-2024-13604 - Kb Support Plugin

The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.4 via the 'kbs' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/kbs directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 1.7.3.2.

PLUGIN Kb Support

CVE-2024-13604

HIGH CVSS 7.5 2025-04-05
Open Full Technical Breakdown
Threat Entry Updated 2025-02-10

CVE-2024-8548 - Kb Support Plugin

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants.

PLUGIN Kb Support

CVE-2024-8548

HIGH CVSS 8.1 2024-10-01
Open Full Technical Breakdown
Threat Entry Updated 2025-02-10

CVE-2024-8632 - Kb Support Plugin

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.

PLUGIN Kb Support

CVE-2024-8632

MEDIUM CVSS 6.5 2024-10-01
Open Full Technical Breakdown
Threat Entry Updated 2025-02-11

CVE-2023-37890 - Kb Support Plugin

Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.

PLUGIN Kb Support

CVE-2023-37890

MEDIUM CVSS 4.3 2023-11-30
Open Full Technical Breakdown
Scroll to top