CVE-2024-13600

Published Feb 12, 2025

Last updated 4 days ago

CVSS high 7.5

Overview

Description: The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/majesticsupportdata directory which can contain file attachments included in support tickets.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

security@wordfence.com: CWE-200
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

CVE-2024-13600 The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to… https://t.co/ok5Ondo9oQ
@CVEnew
12 Feb 2025
293 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:majesticsupport:majestic_support:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C81ADD0-65E9-4F00-98B4-3B2E0443AD50",
            "versionEndExcluding": "1.0.6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References