Unknown Support Board vulnerabilities
3 known vulnerabilities affecting unknown/support_board.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2021-24823 | HIGH | CVSS 8.1 | CWE-352 | ≥ 3.3.6, < 3.3.6 | 2022-02-28
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged-in users perform unwanted actions. For example, make an admin delete arbitrary files.
Sources: cvelistv5, nvd
CVE-2021-24807 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 3.3.5, < 3.3.5 | 2021-11-08
The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field. When an administrator or any authenticated user goes to the chat, the XSS will be automatically executed.
Sources: cvelistv5, nvd
CVE-2021-24741 | CRITICAL | CVSS 9.8 | CWE-89 | ≥ 3.3.4, < 3.3.4 | 2021-09-20
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.
Sources: cvelistv5, nvd