CVE-2024-13568
📋 TL;DR
The Fluent Support WordPress plugin exposes sensitive ticket attachments to unauthenticated attackers through insecure directory access. All WordPress sites using Fluent Support versions up to 1.8.5 are affected, allowing attackers to download private support ticket files without authentication.
💻 Affected Systems
- Fluent Support – Helpdesk & Customer Support Ticket System for WordPress
📦 What is this software?
Fluent Support by WPManageNinja
⚠️ Risk & Real-World Impact
Worst Case
Attackers download all support ticket attachments containing sensitive customer data, financial information, credentials, or proprietary business documents, leading to data breach and regulatory violations.
Likely Case
Attackers systematically download accessible files from the exposed directory, collecting customer PII, support communications, and potentially credentials from uploaded screenshots or documents.
If Mitigated
With proper access controls, only authenticated users with appropriate permissions can access support ticket attachments, preventing unauthorized data exposure.
🎯 Exploit Status
Exploitation requires only a web browser or curl to request the exposed directory paths; no authentication or special tools are needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.6 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/fluent-support/trunk/app/Services/Includes/FileSystem.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Fluent Support plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.8.6+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Restrict directory access via .htaccess
Block direct access to the vulnerable directory using Apache .htaccess rules. This only takes effect if the vhost allows overrides (AllowOverride Limit or All) for the uploads path. The 'Order'/'Deny' form is Apache 2.2 syntax; Apache 2.4 only honours it when mod_access_compat is loaded, so use 'Require all denied' there. Nginx ignores .htaccess entirely; use a deny rule in a location block instead.
# Apache 2.2 (and 2.4 with mod_access_compat)
echo 'Order Deny,Allow
Deny from all' > /path/to/wp-content/uploads/fluent-support/.htaccess
# Apache 2.4 native syntax
echo 'Require all denied' > /path/to/wp-content/uploads/fluent-support/.htaccess
Move or rename vulnerable directory
Temporarily relocate the fluent-support uploads directory to prevent access
mv /path/to/wp-content/uploads/fluent-support /path/to/wp-content/uploads/fluent-support_backup_$(date +%Y%m%d)
🧯 If You Can't Patch
- Disable Fluent Support plugin immediately until patched
- Implement web application firewall rules to block access to /wp-content/uploads/fluent-support/* paths
🔍 How to Verify
Check if Vulnerable:
Attempt to access https://yoursite.com/wp-content/uploads/fluent-support/ in a browser; if a directory listing or files are accessible without login, the system is vulnerable.
Check Version:
wp plugin get fluent-support --field=version (if WP-CLI is installed), or check the version on the WordPress admin Plugins page
Verify Fix Applied:
After the update, attempt the same access; you should receive 403 Forbidden or be required to authenticate.
📡 Detection & Monitoring
Log Indicators:
- Multiple 200 OK responses for /wp-content/uploads/fluent-support/* paths from clients with no authenticated WordPress session
- Unusual file download patterns from uploads directory
Network Indicators:
- HTTP GET requests to fluent-support directory paths without referrer or authentication headers
- Traffic spikes to uploads directory from new IP addresses
SIEM Query:
source="web_logs" AND uri_path="/wp-content/uploads/fluent-support/*" AND http_status=200 AND NOT (user_agent="*bot*" OR user_agent="*crawler*") | stats count by src_ip
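For sites without a SIEM, the same detection logic can be run directly over web server access logs. The following is an added example, not code from the advisory or from the plugin: it parses Apache/nginx combined-format log lines, keeps successful GETs under the fluent-support uploads path that carry no Referer (in-app links from the helpdesk UI normally do) and a non-bot User-Agent, and reports any source IP that fetched several distinct attachments. The log lines, IPs, paths and the threshold are all constructed for the example.

```python
"""Flag bulk downloads of Fluent Support ticket attachments in access logs.
Added example for monitoring CVE-2024-13568 exposure; not part of the plugin
or the advisory. All sample log lines below are constructed."""
import re
from collections import defaultdict

# Combined log format:
# ip ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Path prefix named in the advisory; the per-ticket layout below it is assumed.
ATTACHMENT_PREFIX = "/wp-content/uploads/fluent-support/"
BOT_UA = re.compile(r"bot|crawler|spider", re.IGNORECASE)


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def suspicious_downloads(lines, threshold=3):
    """Return {ip: [paths]} for IPs that fetched at least `threshold` distinct
    attachment paths with HTTP 200, no Referer, and a non-bot User-Agent."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or non-combined line; skip rather than crash
        if rec["method"] != "GET" or rec["status"] != "200":
            continue  # only successful reads indicate exposure
        if not rec["path"].startswith(ATTACHMENT_PREFIX):
            continue
        if rec["referer"] not in ("-", ""):
            continue  # links clicked inside the helpdesk UI carry a Referer
        if BOT_UA.search(rec["ua"]):
            continue  # mirrors the SIEM query's bot/crawler exclusion
        hits[rec["ip"]].add(rec["path"])
    return {ip: sorted(p) for ip, p in hits.items() if len(p) >= threshold}


# Constructed sample: one client enumerating the directory and several tickets,
# one legitimate in-app download, one blocked request, one crawler, one unrelated file.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2025:10:00:01 +0000] "GET /wp-content/uploads/fluent-support/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2025:10:00:02 +0000] "GET /wp-content/uploads/fluent-support/ticket-101/invoice.pdf HTTP/1.1" 200 88321 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2025:10:00:03 +0000] "GET /wp-content/uploads/fluent-support/ticket-102/screenshot.png HTTP/1.1" 200 45210 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2025:10:00:04 +0000] "GET /wp-content/uploads/fluent-support/ticket-103/passport.jpg HTTP/1.1" 200 120044 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Feb/2025:10:05:00 +0000] "GET /wp-content/uploads/fluent-support/ticket-101/invoice.pdf HTTP/1.1" 200 88321 "https://example.com/wp-admin/admin.php?page=fluent-support" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Feb/2025:10:06:00 +0000] "GET /wp-content/uploads/fluent-support/ticket-104/notes.txt HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.33 - - [10/Feb/2025:10:07:00 +0000] "GET /wp-content/uploads/fluent-support/ticket-105/x.pdf HTTP/1.1" 200 1000 "-" "Googlebot/2.1"',
    '192.0.2.50 - - [10/Feb/2025:10:08:00 +0000] "GET /wp-content/uploads/2025/02/logo.png HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, paths in suspicious_downloads(SAMPLE_LOG).items():
        print(f"{ip}: {len(paths)} distinct attachment paths fetched")
        for p in paths:
            print(f"    {p}")
```

On a real server, replace SAMPLE_LOG with the lines of the access log (for example, `open("/var/log/apache2/access.log")`) and tune the threshold to the site's normal traffic. After patching, the 200 responses should stop entirely, so any IP the script still reports is worth a closer look at whether the fix actually applied.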