CVE-2024-13601
📋 TL;DR
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to export ticket data belonging to any user in the Majestic Support plugin. Attackers can exploit missing validation on user-controlled parameters to access sensitive help desk information they shouldn't have permission to view. All WordPress sites using vulnerable versions of the Majestic Support plugin are affected.
💻 Affected Systems
- Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin for WordPress
📦 What is this software?
Majestic Support by Majesticsupport
⚠️ Risk & Real-World Impact
Worst Case
Attackers could export all customer support tickets containing sensitive personal information, payment details, or confidential communications, leading to data breach and regulatory violations.
Likely Case
Malicious users or compromised accounts export ticket data for reconnaissance, social engineering, or to access other users' personal information.
If Mitigated
With proper access controls and monitoring, unauthorized data exports would be detected and blocked before significant data exposure occurs.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once an attacker has valid credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.6 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3231938/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Majestic Support plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.0.6+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable GDPR Export Function
Temporarily disable the vulnerable export functionality by modifying plugin code
Edit wp-content/plugins/majestic-support/modules/gdpr/controller.php
Comment out or remove lines around the exportusereraserequest function (around line 110)
Restrict User Roles
Temporarily restrict Subscriber and other low-privilege roles from accessing support features
Use WordPress role management plugins or custom code to remove support-related capabilities from low-privilege roles
🧯 If You Can't Patch
- Disable the Majestic Support plugin entirely until patched
- Implement strict network monitoring for unusual data export patterns from authenticated users
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Majestic Support version. If version is 1.0.5 or lower, you are vulnerable.
Check Version:
wp plugin list --name=majestic-support --field=version (if WP-CLI is installed), or check the plugin version in the WordPress admin interface
Verify Fix Applied:
After updating, verify version shows 1.0.6 or higher in WordPress plugins list. Test export functionality with low-privilege user accounts.
📡 Detection & Monitoring
Log Indicators:
- Unusual export requests from low-privilege user accounts
- Multiple export requests in short timeframes
- Export requests for user IDs not matching the requesting user
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with action=exportusereraserequest
- Unusually large data exports from support system
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND parameters.action="exportusereraserequest") AND user_role IN ("subscriber","contributor")
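The three log indicators above (low-privilege role, mismatched user ID, burst of requests) implemented over sample data, as an added example that is not part of this advisory. It assumes a constructed, hypothetical application-level request log that records the WordPress user id, role, path and request fields, since a plain web-server access log does not capture POST bodies; the field names and the 60-second/3-request burst threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not the plugin's own logging):
# timestamp, WP user id, role, method, path, then request fields as key=value.
SAMPLE_LOG = """\
2024-12-01T10:00:00 uid=7 role=subscriber POST /wp-admin/admin-ajax.php action=exportusereraserequest user_id=7
2024-12-01T10:00:05 uid=7 role=subscriber POST /wp-admin/admin-ajax.php action=exportusereraserequest user_id=12
2024-12-01T10:00:09 uid=7 role=subscriber POST /wp-admin/admin-ajax.php action=exportusereraserequest user_id=13
2024-12-01T10:05:00 uid=2 role=administrator POST /wp-admin/admin-ajax.php action=exportusereraserequest user_id=12
2024-12-01T10:06:00 uid=9 role=subscriber POST /wp-admin/admin-ajax.php action=heartbeat
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) uid=(?P<uid>\d+) role=(?P<role>\S+) (?P<method>\S+) (?P<path>\S+)(?P<rest>.*)$"
)
LOW_PRIV_ROLES = {"subscriber", "contributor"}  # roles named in the SIEM query above
BURST_WINDOW = timedelta(seconds=60)            # assumed threshold for "short timeframe"
BURST_COUNT = 3

def parse(line):
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["params"] = dict(kv.split("=", 1) for kv in rec.pop("rest").split())
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def find_suspicious(log_text):
    """Return (uid, reason) tuples for export requests matching the advisory's indicators."""
    alerts = []
    recent = defaultdict(list)  # uid -> timestamps of that user's recent export requests
    for rec in filter(None, map(parse, log_text.splitlines())):
        if not (rec["method"] == "POST" and rec["path"] == "/wp-admin/admin-ajax.php"
                and rec["params"].get("action") == "exportusereraserequest"):
            continue  # only the vulnerable AJAX action is of interest
        uid = rec["uid"]
        if rec["role"] in LOW_PRIV_ROLES:
            alerts.append((uid, "export from low-privilege role"))
        target = rec["params"].get("user_id")
        if target is not None and target != uid:
            alerts.append((uid, f"export for another user ({target})"))
        recent[uid] = [t for t in recent[uid] if rec["ts"] - t <= BURST_WINDOW] + [rec["ts"]]
        if len(recent[uid]) >= BURST_COUNT:
            alerts.append((uid, "burst of export requests"))
    return alerts
```

Run `find_suspicious(SAMPLE_LOG)`: the subscriber (uid 7) trips all three rules, while the administrator's cross-user export is flagged only on the mismatched user ID, which is where a role-aware allow-list would be applied in a real deployment.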