Vulnerabilities > CVE-2023-37890 - Missing Authorization vulnerability in Liquidweb KB Support
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve