Unrated severityNVD Advisory· Published May 2, 2023· Updated Jan 30, 2025

Ruby Help Desk < 1.3.4 - Subscriber+ Ticket Update via IDOR

CVE-2023-1125

Description

The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Ruby Help Deskdescription
WordPress/Ruby Help Deskllm-create
Range: <1.3.4

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/e8a4b6ab-47f8-495d-a22c-dcf914dfb58cmitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000