WordPress Plugin Vulnerabilities

Support Genix < 1.2.4 - Missing Authorization

Description

The Support Genix plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as uploading arbitrary files.

Affects Plugins

Plugin icon
support-genix-lite
Fixed in 1.2.4

References

CVE
CVE-2023-49742
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/40ade684-57a2-43be-9d4a-1c0a653807eb

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
beluga
Verified
No
WPVDB ID
37bd4e3d-e44b-4883-a94e-1c6b28fefce0

Timeline

Publicly Published
2024-04-16 (about 2 years ago)
Added
2024-04-25 (about 2 years ago)
Last Updated
2024-04-25 (about 2 years ago)

Other

Published
Title
Published
2025-06-26
Title
DWT < 3.3.7 - Unauthenticated Arbitrary User Password Reset
Published
2025-04-16
Title
WowStore < 4.2.5 - Missing Authorization
Published
2024-08-26
Title
JobSearch < 2.5.6 - Missing Authorization
Published
2026-04-21
Title
Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php
Published
2026-03-01
Title
Popup Like box < 3.7.8 - Missing Authorization