Vulnerability Details CVE-2023-1125
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.8%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2023-1125
-
cpe:2.3:a:wpruby:ruby_help_desk:-
-
cpe:2.3:a:wpruby:ruby_help_desk:1.0.0
-
cpe:2.3:a:wpruby:ruby_help_desk:1.1.0
-
cpe:2.3:a:wpruby:ruby_help_desk:1.2.0
-
cpe:2.3:a:wpruby:ruby_help_desk:1.3.0
-
cpe:2.3:a:wpruby:ruby_help_desk:1.3.1
-
cpe:2.3:a:wpruby:ruby_help_desk:1.3.2
-
cpe:2.3:a:wpruby:ruby_help_desk:1.3.3