CVE-2024-13604
📋 TL;DR
This vulnerability allows unauthenticated attackers to access sensitive files stored in the /wp-content/uploads/kbs directory of WordPress sites using the KB Support plugin. The exposed files can include support ticket attachments containing potentially confidential information. All WordPress sites running KB Support plugin versions up to 1.7.4 are affected.
💻 Affected Systems
- KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers download all support ticket attachments containing sensitive customer data, financial information, or credentials, leading to data breach, regulatory fines, and reputational damage.
Likely Case
Attackers scan vulnerable sites and download accessible files containing personal information, support communications, or system details that could enable further attacks.
If Mitigated
With proper access controls and monitoring, unauthorized access attempts are detected and blocked before sensitive data is exfiltrated.
🎯 Exploit Status
Exploitation requires only web access to the vulnerable directory path; no authentication or special tools needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.5
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3231596/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the KB Support plugin.
4. Click 'Update Now' if an update is available.
5. If no update shows, manually download version 1.7.5 or later from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Restrict directory access via .htaccess
Block direct web access to the vulnerable kbs directory with Apache access-control directives (the snippet below uses the legacy mod_authz_host Order/Deny syntax; on Apache 2.4 use Require all denied instead). An .htaccess file is honoured only by Apache, or compatible servers such as LiteSpeed, with AllowOverride enabled; Nginx ignores it, so there the equivalent deny rule must go into the server configuration. If the plugin links to attachments by their direct URL, this also blocks legitimate downloads, so test a ticket attachment after applying it.
# Create or edit .htaccess in /wp-content/uploads/kbs/
# Apache 2.2 syntax (mod_authz_host)
Order deny,allow
Deny from all
# Apache 2.4 equivalent (mod_authz_core): use this line instead of the two above
# Require all denied
Move sensitive files
Relocate existing sensitive files from the kbs directory to a location outside the web root. Attachment links in existing tickets will stop working for the moved files, so keep a record of what was moved and where.
# /secure/location/ must be outside the document root so the web server cannot serve the files
mv /path/to/wp-content/uploads/kbs/*.pdf /secure/location/
mv /path/to/wp-content/uploads/kbs/*.doc* /secure/location/
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block access to /wp-content/uploads/kbs/* paths.
- Monitor access logs for requests to the kbs directory and alert on suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Attempt to access http://yoursite.com/wp-content/uploads/kbs/ in a browser or using curl/wget. If a directory listing is returned, or individual files under that path can be fetched without authentication, the site is vulnerable.
Check Version:
Check WordPress admin → Plugins page or examine /wp-content/plugins/kb-support/kb-support.php header for Version: value.
Verify Fix Applied:
After updating, attempt the same access test; you should receive a 403 Forbidden or similar error instead of file access.
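The version and directory checks above, as an added example for running against your own site (this is not code from the advisory or from the KB Support project). It assumes the standard WordPress plugin header format in kb-support.php and the default Apache/Nginx "Index of" title for directory listings; the fixed version 1.7.5 is the one the advisory states.

```python
"""Self-check helpers for the verification steps: plugin version and kbs directory exposure."""
import re
import sys
from urllib.request import Request, urlopen
from urllib.error import HTTPError

FIXED_VERSION = (1, 7, 5)   # patch version named in the advisory


def parse_version(header_text):
    """Extract the Version: value from a WordPress plugin header (kb-support.php)."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", header_text, re.MULTILINE)
    return m.group(1).strip() if m else None


def version_tuple(v):
    """Turn '1.7.4' into (1, 7, 4); non-numeric suffixes such as '-beta' are ignored."""
    parts = []
    for p in v.split("."):
        digits = re.match(r"\d+", p)
        parts.append(int(digits.group(0)) if digits else 0)
    return tuple(parts)


def is_vulnerable_version(v):
    """True when the installed version is below the fixed release."""
    return version_tuple(v) < FIXED_VERSION


def classify_dir_response(status, body):
    """Interpret the response for /wp-content/uploads/kbs/ as the advisory describes:
    200 with an index page means the listing is exposed; 401/403 means access is blocked."""
    if status == 200 and re.search(r"<title>\s*Index of", body, re.IGNORECASE):
        return "listing-exposed"
    if status == 200:
        return "200-but-no-listing"   # listing disabled; individual files may still be reachable
    if status in (401, 403):
        return "blocked"
    if status == 404:
        return "not-found"
    return "unexpected-%d" % status


def fetch_status(url):
    """GET a URL and return (status, body); network helper for the command-line use below."""
    try:
        with urlopen(Request(url, headers={"User-Agent": "kbs-selfcheck"}), timeout=10) as r:
            return r.status, r.read(20000).decode("utf-8", "replace")
    except HTTPError as e:
        return e.code, ""


if __name__ == "__main__":
    # usage: python check_kbs.py /path/to/wp-content/plugins/kb-support/kb-support.php [https://yoursite.example]
    with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
        ver = parse_version(f.read(4000))
    print("installed version:", ver, "(vulnerable)" if ver and is_vulnerable_version(ver) else "(fixed)")
    if len(sys.argv) > 2:
        status, body = fetch_status(sys.argv[2].rstrip("/") + "/wp-content/uploads/kbs/")
        print("uploads/kbs directory:", classify_dir_response(status, body))
```

A 200 without an index page only means listing is off; repeat the check with a known attachment filename to confirm that individual files are not served, since that is the exposure the advisory describes.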
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses for GET requests to /wp-content/uploads/kbs/* paths from unauthenticated users
- Unusual spikes in requests to kbs directory from single IPs
Network Indicators:
- Outbound transfers of files from kbs directory to unknown external IPs
- Scanning patterns targeting /wp-content/uploads/kbs/
SIEM Query:
source="web_logs" AND (uri_path="/wp-content/uploads/kbs/*" OR uri_path CONTAINS "kbs") AND http_status=200 AND user_agent NOT IN ("bot","crawler") | stats count by src_ip
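The log indicators above applied to Apache/Nginx combined-format access logs, as an added example that is not part of the advisory. The log lines are constructed for the demonstration, the crawler user-agent filter mirrors the SIEM query's exclusion, and the spike threshold of five successful downloads per IP is an assumed value to tune for your traffic.

```python
"""Detection over access logs: successful GETs under /wp-content/uploads/kbs/ and per-IP spikes."""
import re
from collections import Counter

# Apache/Nginx "combined" format: ip - user [time] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
KBS_PREFIX = "/wp-content/uploads/kbs/"
BOT_UA = ("bot", "crawler", "spider")   # self-declared crawlers, as excluded by the SIEM query


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def kbs_hits(lines):
    """Successful (200) GET requests under the kbs directory, excluding crawlers."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET" or rec["status"] != 200:
            continue
        if not rec["path"].startswith(KBS_PREFIX):
            continue
        if any(b in rec["ua"].lower() for b in BOT_UA):
            continue
        hits.append(rec)
    return hits


def count_by_ip(hits):
    """Equivalent of '| stats count by src_ip' for the filtered hits."""
    return Counter(h["ip"] for h in hits)


def flag_spikes(hits, threshold=5):
    """IPs whose successful kbs downloads reach the threshold (the 'unusual spike' indicator)."""
    return sorted(ip for ip, n in count_by_ip(hits).items() if n >= threshold)


# Constructed sample log: one IP walks the listing and pulls five attachments,
# one normal user fetches a single file, one request is denied, one is a crawler.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2025:10:01:02 +0000] "GET /wp-content/uploads/kbs/ HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2025:10:01:03 +0000] "GET /wp-content/uploads/kbs/ticket-101-invoice.pdf HTTP/1.1" 200 88211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2025:10:01:04 +0000] "GET /wp-content/uploads/kbs/ticket-102-contract.docx HTTP/1.1" 200 40120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2025:10:01:05 +0000] "GET /wp-content/uploads/kbs/ticket-103-screenshot.png HTTP/1.1" 200 150233 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2025:10:01:06 +0000] "GET /wp-content/uploads/kbs/ticket-104-export.csv HTTP/1.1" 200 9981 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2025:10:01:07 +0000] "GET /wp-content/uploads/kbs/ticket-105-notes.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Feb/2025:10:05:00 +0000] "GET /wp-content/uploads/kbs/ticket-110-receipt.pdf HTTP/1.1" 200 33100 "https://yoursite.example/" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Feb/2025:10:06:00 +0000] "GET /wp-content/uploads/kbs/ HTTP/1.1" 403 199 "-" "curl/8.4.0"',
    '66.249.66.1 - - [10/Feb/2025:10:07:00 +0000] "GET /wp-content/uploads/kbs/ticket-101-invoice.pdf HTTP/1.1" 200 88211 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    '198.51.100.4 - - [10/Feb/2025:10:08:00 +0000] "GET /wp-content/uploads/2025/01/logo.png HTTP/1.1" 200 4410 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2025:10:09:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = kbs_hits(SAMPLE_LOG)
    for ip, n in count_by_ip(hits).most_common():
        print(ip, n)
    print("spike IPs:", flag_spikes(hits))
```

Run it against a real log with `kbs_hits(open("access.log"))`; a single successful request to a kbs attachment is worth reviewing on an unpatched site, while the per-IP count separates a normal user opening one ticket from bulk collection.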