CVE-2024-13601

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 12, 2025

Updated: Feb 18, 2025

CWE ID 639

Summary

CVE-2024-13601: The Majestic Support plugin for WordPress, versions up to 1.0.5, contains an Insecure Direct Object Reference vulnerability. This issue is due to the lack of validation on a user-controlled key within the 'exportusereraserequest' function. Consequently, authenticated attackers with Subscriber-level access or higher can exploit this flaw to export ticket data for any user, potentially leading to unauthorized access to sensitive information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2rAEAe
https://www.cve.org/CVERecord?id=CVE-2024-13601
https://nvd.nist.gov/vuln/detail/CVE-2024-13601

Back to Vulnerability Database

CVE-2024-13601

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations