
CVE-2025-24741 – WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability
https://notcve.org/view.php?id=CVE-2025-24741
24 Jan 2025 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7. The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.6.7. This is due to insufficient validation of the supplied redirect URL. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can suc... • https://patchstack.com/database/wordpress/plugin/kb-support/vulnerability/wordpress-kb-support-plugin-1-6-7-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2024-33589 – WordPress KB Support plugin <= 1.6.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33589
25 Apr 2024 — Missing Authorization vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.6.0. The KB Support plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the kbs_ajax_display_ticket_notes and kbs_ajax_display_ticket_replies functions in versions up to, and including, 1.6.0. This makes it possible for authenticated... • https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-plugin-1-6-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-37890 – WordPress KB Support Plugin <= 1.5.88 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-37890
11 Jul 2023 — Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers. This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88. • https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-25983 – WordPress KB Support Plugin <= 1.5.84 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2023-25983
24 Feb 2023 — Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.5.84. The KB Support plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, KB Support. This allows subscriber-level attackers to embed untrusted input into exported CSV f... • https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-84-csv-injection-vulnerability?_s_id=cve • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVE-2022-27852 – WordPress KB Support plugin <= 1.5.5 - Multiple Unauth. Stored Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-27852
15 Apr 2022 — Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. The plugin KB Support – WordPress Help Desk versions up to 1.5.5 are vulnerable to Cross-Site Scripting. The vulnerabilities allow unauthenticated attackers to inject arbitrary web scripts in pages that will execute... • https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-5-multiple-unauthenticated-stored-cross-site-scripting-xss-vulnerabilities?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •