SecuriTricks - CVE-2024-13552

Description

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes it possible for authenticated attackers to download attachments for support tickets that don't belong to them. If an admin enables tickets for guests, this can be exploited by unauthenticated attackers.

Product(s) Impacted

Product	Versions
SupportCandy - Helpdesk & Customer Support Ticket System plugin for WordPress	['up to 3.3.0']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References

https://plugins.trac.wordpress.org/browser/supportcandy/trunk/includes/admin/tickets/class-wpsc-new-ticket.php#L395

https://plugins.trac.wordpress.org/changeset/3235142/supportcandy/trunk?old=3188306&old_path=%2Fsupportcandy%2Ftrunk

https://www.wordfence.com/threat-intel/vulnerabilities/id/13f87248-cc0b-4351-b79d-6efc5190b021?source=cve

CVSS Score

4.3 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

View Vector String

Timeline

Published: March 7, 2025, 10:15 a.m.
Last Modified: March 7, 2025, 10:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@wordfence.com

CVE-2024-13552