CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24741 – WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability
https://notcve.org/view.php?id=CVE-2025-24741
24 Jan 2025 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7. The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.6.7. This is due to insufficient validation on the redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can suc... • https://patchstack.com/database/wordpress/plugin/kb-support/vulnerability/wordpress-kb-support-plugin-1-6-7-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33589 – WordPress KB Support plugin <= 1.6.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33589
25 Apr 2024 — Missing Authorization vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.6.0. Vulnerabilidad de autorización faltante en WPOmnia KB Support. Este problema afecta a KB Support: desde n/a hasta 1.6.0. The KB Support plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the kbs_ajax_display_ticket_notes and kbs_ajax_display_ticket_replies function in versions up to, and including, 1.6.0. This makes it possible for authenticated... • https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-plugin-1-6-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •