CVE-2024-8548

8.1 HIGH

📋 TL;DR

This vulnerability in the KB Support WordPress plugin allows authenticated attackers with Subscriber-level access or higher to perform unauthorized administrative actions, such as modifying or deleting tickets and posts. It affects all versions up to and including 1.6.6, putting WordPress sites using this plugin at risk of data loss or manipulation.

💻 Affected Systems

Products:
  • KB Support – WordPress Help Desk and Knowledge Base plugin
Versions: All versions up to and including 1.6.6
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the plugin enabled; any authenticated user with at least Subscriber role is affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could delete or alter all support tickets and posts, leading to complete data loss, service disruption, and potential privilege escalation if combined with other vulnerabilities.

🟠 Likely Case: Attackers may tamper with ticket data, reply to tickets as administrators, or delete critical posts, causing operational issues and data integrity breaches.

🟢 If Mitigated: With proper access controls and monitoring, impact is limited to minor data manipulation, but the vulnerability still poses a significant risk if exploited.

🌐 Internet-Facing: HIGH, as WordPress sites are typically internet-facing, allowing remote attackers with valid credentials to exploit this vulnerability easily.
🏢 Internal Only: MEDIUM, as internal users with Subscriber access could exploit it, but network segmentation might reduce exposure compared to external threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward due to missing capability checks in AJAX functions; weaponization is likely given the low complexity and public references.
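The flaw class named above (an admin-ajax.php callback that treats "the user is logged in" as authorisation) is easiest to see next to its fix. The following is an added illustration written for this page, not code from the KB Support plugin: the first handler shows the unchecked pattern, the second the hardened form that verifies a nonce and an object-level capability before touching the ticket post. The action name example_reply_ticket, the function names and the script handle are hypothetical; the WordPress functions used (check_ajax_referer, current_user_can, wp_update_post, wp_send_json_error, wp_localize_script) are real core APIs.

```php
<?php
/**
 * Added illustration, not KB Support's own code. Action name, function
 * names and script handle are assumptions; the WordPress APIs are real.
 */

// Vulnerable pattern: wp_ajax_* hooks fire for every authenticated user,
// Subscribers included, so merely reaching this callback proves nothing
// about what the caller is allowed to do. Shown for contrast only; it is
// deliberately NOT registered with add_action() below.
function example_reply_ticket_unchecked() {
    $ticket_id = isset( $_POST['ticket_id'] ) ? absint( $_POST['ticket_id'] ) : 0;
    $reply     = isset( $_POST['reply'] ) ? wp_kses_post( wp_unslash( $_POST['reply'] ) ) : '';

    // Any logged-in account can rewrite any ticket post.
    wp_update_post( array( 'ID' => $ticket_id, 'post_content' => $reply ) );
    wp_send_json_success();
}

// Hardened pattern: verify intent (nonce) and authority (capability) first.
function example_reply_ticket_checked() {
    // Dies with a 403 when the nonce is missing or stale (CSRF guard).
    check_ajax_referer( 'example_reply_ticket', 'nonce' );

    $ticket_id = isset( $_POST['ticket_id'] ) ? absint( $_POST['ticket_id'] ) : 0;
    $reply     = isset( $_POST['reply'] ) ? wp_kses_post( wp_unslash( $_POST['reply'] ) ) : '';

    // 'edit_post' is a meta capability resolved per object: Subscribers fail
    // it outright, Authors pass only for their own posts, Editors and
    // Administrators for any post. This is the check the advisory says is missing.
    if ( ! $ticket_id || ! current_user_can( 'edit_post', $ticket_id ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $result = wp_update_post(
        array( 'ID' => $ticket_id, 'post_content' => $reply ),
        true // return a WP_Error instead of 0 on failure
    );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'ticket_id' => $ticket_id ) );
}

// Register only the hardened callback. No wp_ajax_nopriv_ hook is added,
// so unauthenticated requests never reach it at all.
add_action( 'wp_ajax_example_reply_ticket', 'example_reply_ticket_checked' );

// The nonce the handler expects is issued when the ticket UI is rendered.
function example_enqueue_ticket_script() {
    wp_enqueue_script( 'example-ticket', plugins_url( 'ticket.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-ticket', 'exampleTicket', array(
        'ajax_url' => admin_url( 'admin-ajax.php' ),
        'nonce'    => wp_create_nonce( 'example_reply_ticket' ),
    ) );
}
add_action( 'wp_enqueue_scripts', 'example_enqueue_ticket_script' );
```

The two checks answer different questions: the nonce ties the request to a page the user actually loaded (anti-CSRF), while the capability check decides whether that user may act on that ticket at all. A handler needs both; the Subscriber-level issue in this advisory is the second one.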

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.6.7 or later

Vendor Advisory: https://wordpress.org/plugins/kb-support/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'KB Support' and click 'Update Now' if available.
4. Alternatively, download the latest version from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Restrict User Roles (applies to: all)

Temporarily limit Subscriber and higher roles from accessing the plugin's features by adjusting WordPress user capabilities or using a role management plugin.

Disable Plugin (applies to: linux)

Deactivate the KB Support plugin if it is not essential, to immediately mitigate the vulnerability until a patch is applied.

wp plugin deactivate kb-support

🧯 If You Can't Patch

  • Implement strict network access controls to limit plugin exposure to trusted IPs only.
  • Enhance logging and monitoring for suspicious activities related to ticket or post modifications by low-privilege users.

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in WordPress admin under Plugins > Installed Plugins; if version is 1.6.6 or lower, it is vulnerable.

Check Version:

wp plugin get kb-support --field=version

Verify Fix Applied:

After updating, confirm the plugin version is 1.6.7 or higher in the same location.

📡 Detection & Monitoring

Log Indicators:

  • Unusual AJAX requests from low-privilege users to KB Support functions, such as ticket updates or deletions.

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php with action parameters related to KB Support (e.g., kbs_ajax_reply_ticket).

SIEM Query:

source="wordpress_logs" AND (uri="/wp-admin/admin-ajax.php" AND action LIKE "kbs_%") AND user_role IN ("subscriber", "contributor")
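The SIEM condition above, applied in code as an added example (not part of the advisory and not the plugin's code): it scans a constructed activity-log sample and returns the events where a low-privilege role sent an admin-ajax.php request for a kbs_* action, plus a per-user tally so a burst from one account stands out. The JSON field names are assumptions about how an activity-log plugin or role-enriched web-server log might record events; of the action names, only kbs_ajax_reply_ticket comes from this page, the others are constructed placeholders.

```php
<?php
/**
 * Added example: the page's SIEM query as a log scan. Field names and
 * all sample events are constructed; only kbs_ajax_reply_ticket is an
 * action name taken from the advisory text.
 */

const LOW_PRIV_ROLES = array( 'subscriber', 'contributor' );

// Constructed sample log, one JSON object per line, with one malformed line.
$sample_log = <<<'LOG'
{"ts":"2024-09-10T08:01:02Z","user":"alice","role":"subscriber","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"kbs_ajax_reply_ticket"}
{"ts":"2024-09-10T08:01:05Z","user":"bob","role":"administrator","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"kbs_ajax_reply_ticket"}
{"ts":"2024-09-10T08:02:10Z","user":"alice","role":"subscriber","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"heartbeat"}
{"ts":"2024-09-10T08:02:11Z","user":"carol","role":"contributor","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"kbs_placeholder_action_1"}
{"ts":"2024-09-10T08:02:12Z","user":"alice","role":"subscriber","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"kbs_placeholder_action_2"}
not valid json
LOG;

/**
 * True when one event matches the advisory's condition: an admin-ajax.php
 * request for a kbs_* action issued by a low-privilege role.
 */
function is_suspicious_kbs_event( array $event ): bool {
    $uri    = $event['uri'] ?? '';
    $action = $event['action'] ?? '';
    $role   = strtolower( $event['role'] ?? '' );
    return $uri === '/wp-admin/admin-ajax.php'
        && strncmp( $action, 'kbs_', 4 ) === 0
        && in_array( $role, LOW_PRIV_ROLES, true );
}

/**
 * Parses JSON lines, skips malformed ones instead of aborting, and returns
 * the matching events together with a per-user hit count.
 */
function scan_kbs_log( string $log ): array {
    $hits     = array();
    $per_user = array();
    foreach ( preg_split( '/\R/', trim( $log ) ) as $line ) {
        $event = json_decode( $line, true );
        if ( ! is_array( $event ) ) {
            continue; // malformed line: log parsers must tolerate these
        }
        if ( is_suspicious_kbs_event( $event ) ) {
            $hits[] = $event;
            $user   = $event['user'] ?? 'unknown';
            $per_user[ $user ] = ( $per_user[ $user ] ?? 0 ) + 1;
        }
    }
    return array( 'hits' => $hits, 'per_user' => $per_user );
}

$result = scan_kbs_log( $sample_log );
foreach ( $result['hits'] as $h ) {
    printf( "%s %s (%s) -> %s\n", $h['ts'], $h['user'], $h['role'], $h['action'] );
}
foreach ( $result['per_user'] as $user => $count ) {
    printf( "%s: %d kbs_* request(s) from a low-privilege role\n", $user, $count );
}
```

The administrator's kbs_ request and the Subscriber's unrelated heartbeat call are deliberately not flagged: the signal is the combination of role and action prefix, not either on its own. After patching to 1.6.7 or later the same query stays useful as a check that blocked attempts now show up as failed requests rather than successful ticket changes.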
