WordPress Plugin Vulnerabilities

Majestic Support < 1.1.1 - Missing Authorization

Description

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
majestic-support
Fixed in 1.1.1

References

CVE
CVE-2025-49860
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/11f3c5bf-19cd-422a-a7f8-358669c78db5

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Fariq Fadillah Gusti Insani (fariqfgi)
Verified
No
WPVDB ID
34dc8648-6b21-4b59-9987-dc4dbff6d665

Timeline

Publicly Published
2025-06-12 (about 11 months ago)
Added
2025-06-17 (about 11 months ago)
Last Updated
2025-06-17 (about 11 months ago)

Other

Published
Title
Published
2026-05-01
Title
Royal Addons for Elementor < 1.7.1057 - Unauthenticated Form Action Meta Modification
Published
2026-01-22
Title
Real Estate Pro <= 2.1.5 - Missing Authorization
Published
2024-05-29
Title
Comparison Slider <= 1.0.5 - Missing Authorization
Published
2025-10-24
Title
Password Policy Manager | Password Manager < 2.0.6 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out
Published
2025-12-03
Title
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App < 3.6.2 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update