WordPress Plugin Vulnerabilities

Majestic Support < 1.1.1 - Missing Authorization

Description

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
majestic-support
Fixed in 1.1.1

References

CVE
CVE-2025-48282
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cff7c4-7dc0-440b-bb1c-1087144d1ccf

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
LVT-tholv2k
Verified
No
WPVDB ID
586122f7-aa41-4840-8f78-3cdc8d3e2c2f

Timeline

Publicly Published
2025-05-19 (about 1 year ago)
Added
2025-05-29 (about 1 year ago)
Last Updated
2025-05-29 (about 1 year ago)

Other

Published
Title
Published
2025-08-29
Title
Blog Designer PRO <= 3.4.8 - Missing Authorization
Published
2025-09-22
Title
Ultimate Watermark < 1.1.1 - Missing Authorization
Published
2026-01-19
Title
PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) < 1.119.9 - Missing Authorization to Unauthenticated Order Status Modification
Published
2024-03-29
Title
WP Express Checkout (Accept PayPal Payments) < 2.3.8 - Unauthenticated Price Manipulation
Published
2024-04-15
Title
Country State City Dropdown CF7 < 2.7.2 - Missing Authorization