CVE-2024-13600
📋 TL;DR
This vulnerability allows unauthenticated attackers to access sensitive file attachments from WordPress support tickets stored in an insecure directory. All WordPress sites using the Majestic Support plugin version 1.0.5 or earlier are affected. Attackers can download private files uploaded through the support system without any authentication.
💻 Affected Systems
- Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin for WordPress
📦 What is this software?
Majestic Support by Majesticsupport
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all sensitive files uploaded through support tickets, including personal documents, credentials, or confidential business information, leading to data breaches and regulatory violations.
Likely Case
Unauthenticated attackers downloading support ticket attachments containing personal information, potentially leading to privacy violations and targeted phishing attacks.
If Mitigated
Limited exposure if directory permissions are properly configured or if the plugin is not used for sensitive file uploads.
🎯 Exploit Status
Exploitation requires only web browser access to the vulnerable directory path; no authentication or special tools needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.0.5
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3231938/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Majestic Support plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and remove the plugin until a patched version is released.
🔧 Temporary Workarounds
Restrict directory access via .htaccess
Apache: Block public access to the vulnerable directory using Apache .htaccess rules
Order deny,allow
Deny from all
Change directory permissions
Linux/Unix: Set restrictive file permissions on the majesticsupportdata directory
chmod 700 /wp-content/uploads/majesticsupportdata/
🧯 If You Can't Patch
- Disable the Majestic Support plugin immediately
- Implement web application firewall rules to block access to /wp-content/uploads/majesticsupportdata/
🔍 How to Verify
Check if Vulnerable:
Attempt to access http://[your-domain]/wp-content/uploads/majesticsupportdata/ in a web browser. If directory listing or files are visible, the site is vulnerable.
Check Version:
Check WordPress admin panel → Plugins → Majestic Support version, or examine wp-content/plugins/majestic-support/readme.txt file version number.
Verify Fix Applied:
After updating, attempt the same access test. You should receive a 403 Forbidden error or similar access denial.
📡 Detection & Monitoring
Log Indicators:
- Multiple 200 OK responses to /wp-content/uploads/majesticsupportdata/ paths in web server logs
- Unusual file download patterns from the majesticsupportdata directory
Network Indicators:
- HTTP GET requests to /wp-content/uploads/majesticsupportdata/ from clients that hold no WordPress login session
- Traffic spikes to the vulnerable directory path
SIEM Query:
source="web_server_logs" AND (uri_path="/wp-content/uploads/majesticsupportdata/*" OR uri_path CONTAINS "majesticsupportdata") AND status="200"
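The log indicators above as a small offline script (an added example, not part of the advisory): it parses Apache/nginx combined-format access log lines, keeps successful GETs under the attachment directory, and counts distinct files fetched per client IP so that bulk downloads stand out. The log lines are constructed samples using documentation IP ranges; the regex assumes the default "combined" LogFormat.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format. Assumption: your access log uses it;
# adjust the pattern for a custom LogFormat.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Directory exposed by CVE-2024-13600 (path taken from the advisory above).
TARGET_DIR = "/wp-content/uploads/majesticsupportdata/"

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["path"] = entry["path"].split("?", 1)[0]  # drop any query string
    return entry

def find_exposure_hits(lines):
    """Entries where a GET under TARGET_DIR was answered 200, i.e. a successful read."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e and e["method"] == "GET" and e["status"] == 200 and e["path"].startswith(TARGET_DIR):
            hits.append(e)
    return hits

def files_per_ip(hits):
    """Distinct attachment files fetched per client IP; a high count suggests bulk download."""
    seen = defaultdict(set)
    for e in hits:
        if e["path"] != TARGET_DIR:  # skip the bare directory-listing request
            seen[e["ip"]].add(e["path"])
    return {ip: len(paths) for ip, paths in seen.items()}

# Constructed sample log lines (not real traffic); 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-content/uploads/majesticsupportdata/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-content/uploads/majesticsupportdata/ticket-42/passport.pdf HTTP/1.1" 200 88231 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "GET /wp-content/uploads/majesticsupportdata/ticket-43/invoice.pdf HTTP/1.1" 200 40120 "-" "Mozilla/5.0"
198.51.100.5 - - [10/Jan/2025:10:01:00 +0000] "GET /wp-content/uploads/majesticsupportdata/ticket-44/x.png HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.5 - - [10/Jan/2025:10:01:05 +0000] "GET /wp-content/uploads/2025/01/logo.png HTTP/1.1" 200 5120 "-" "curl/8.0"
"""
```

Run `files_per_ip(find_exposure_hits(open("access.log").read().splitlines()))` against a real log; on the samples it reports 203.0.113.7 with two distinct attachments, while the 403 and the unrelated upload are ignored.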