CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30777 – WordPress Support Genix <= 1.4.11 - Insecure Direct Object References (IDOR) Vulnerability
https://notcve.org/view.php?id=CVE-2025-30777
27 Mar 2025 — Authorization Bypass Through User-Controlled Key vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.11. The Support Genix – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.11 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subs... • https://patchstack.com/database/wordpress/plugin/support-genix-lite/vulnerability/wordpress-support-genix-1-4-11-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49742 – WordPress Support Genix plugin <= 1.2.3 - Broken Access Control lead to Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-49742
16 Apr 2024 — Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3. Vulnerabilidad de autorización faltante en Support Genix. Este problema afecta a Support Genix: desde n/a hasta 1.2.3. The Support Genix plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform una... • https://patchstack.com/database/vulnerability/support-genix-lite/wordpress-support-genix-plugin-1-2-3-broken-access-control-lead-to-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-862: Missing Authorization •