Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin < 1.0.6 – Unauthenticated Sensitive Information Exposure Through Unprotected Directory | CVE 2024-13600 | Plugin Vulnerabilities

Description

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/majesticsupportdata directory which can contain file attachments included in support tickets.

Affects Plugins

majestic-support

Fixed in 1.0.6

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/c5a8fd90-49dd-4a5e-88f2-cd6b338da2d6

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Tim Coen

Verified

No

WPVDB ID

098ca9b3-4f8c-43a2-ab1c-4662936014b3

Timeline

Publicly Published

2025-02-11 (about 1 year ago)

Added

2025-02-11 (about 1 year ago)

Last Updated

2025-02-12 (about 1 year ago)

Other

Published

Title

Published

2025-05-16

Title

Wishlist <= 2.1.0 - Authenticated (Subscriber+) Information Exposure

Published

2023-12-28

Title

404 Solution < 2.33.1 - Sensitive Information Exposure via Log File

Published

2025-01-16

Title

WM Options Import Export <= 1.0.1 - Unauthenticated Information Exposure

Published

2025-01-14

Title

Elementor Addon Elements < 1.14 - Contributor+ Sensitive Information Disclosure

Published

2025-11-12

Title

SureForms < 1.13.2 - Unauthenticated Sensitive Information Exposure