CVE-2024-13568

High CVSS: 7.5

The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets.

Vendor

Wpmanageninja

Product

Fluent Support

CWE

CWE-200

Yayın Tarihi

2025-03-01 05:15:14

Güncelleme

2025-05-26 01:30:56

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-200 Fluent Support HIGH Wpmanageninja 2025

Referanslar

https://plugins.trac.wordpress.org/browser/fluent-support/trunk/app/Services/Includes/FileSystem.php https://www.wordfence.com/threat-intel/vulnerabilities/id/17f40832-8ae5-443a-aa98-f0e61d1152cc?source=cve

Benzer Kayıtlar

High

CVE-2025-2940

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all vers…

Medium

CVE-2025-2939

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up…

Medium

CVE-2024-12772

The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in t…