High severity8.1NVD Advisory· Published Oct 1, 2024· Updated Apr 8, 2026

CVE-2024-8548

Description

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the /includes/ajax-functions.php file all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants.

Affected products

Logon/Kb Support
cpe:2.3:a:logon:kb_support:*:*:*:*:*:wordpress:*:*
Range: <1.6.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/5fb90b3b-08bd-4887-a6bf-054b42d3e403nvdThird Party Advisory
plugins.trac.wordpress.org/changesetnvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000