KB Support WordPress Plugin Sensitive Information Exposure Vulnerability
Vulnerability
A vulnerability allowing sensitive information exposure exists in the KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin for WordPress, in all versions prior to and including 1.7.4. The vulnerability arises from unprotected directory access, allowing unauthenticated attackers to retrieve sensitive data from the '/wp-content/uploads/kbs' directory. This directory may contain file attachments from support tickets, which are stored insecurely. Although version 1.7.3.2 partially addressed this issue by introducing a .htaccess file to the upload directory, the vulnerability remains in versions 1.7.3.2 and 1.7.4.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive information, specifically file attachments from support tickets, which could include personal or confidential data.
Remediation
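Users can update to version 1.7.3.2 or later, which partially addresses this vulnerability by adding a .htaccess file to the upload directory; as noted above, the vulnerability remains in versions 1.7.3.2 and 1.7.4. It is therefore recommended to review the vulnerability details and consider uninstalling the affected plugin if a suitable replacement is available.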
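The following local audit is an added example, not part of the advisory or the plugin's own code. A site owner can run it against their own WordPress root to see whether ticket attachments sit under wp-content/uploads/kbs without a .htaccess deny rule. The directive patterns and the constructed sample tree (including the `2024` subfolder) are assumptions, and a "deny" result only helps where the web server honours .htaccess files, which nginx does not.

```python
import re
import tempfile
from pathlib import Path

# Apache 2.2 / 2.4 directives that refuse all direct HTTP requests.
# Anchored at line start, so a commented-out rule does not count.
DENY_RE = re.compile(r"^[ \t]*(deny\s+from\s+all|require\s+all\s+denied)\b", re.I | re.M)
GUARD_FILES = {".htaccess", "index.php", "index.html"}

def audit_kbs_uploads(wp_root):
    """Inspect <wp_root>/wp-content/uploads/kbs on the local filesystem."""
    kbs = Path(wp_root) / "wp-content" / "uploads" / "kbs"
    result = {"exists": kbs.is_dir(), "attachments": 0, "htaccess": "missing"}
    if not result["exists"]:
        return result
    result["attachments"] = sum(
        1 for p in kbs.rglob("*") if p.is_file() and p.name not in GUARD_FILES)
    ht = kbs / ".htaccess"
    if ht.is_file():
        text = ht.read_text(errors="replace")
        result["htaccess"] = "deny" if DENY_RE.search(text) else "no_deny"
    return result

def needs_attention(result):
    """Attachments stored without a deny rule are the exposed case."""
    return result["attachments"] > 0 and result["htaccess"] != "deny"

def build_sample(root, htaccess=None):
    """Constructed sample tree: one ticket attachment, optional .htaccess."""
    kbs = Path(root) / "wp-content" / "uploads" / "kbs" / "2024"  # hypothetical layout
    kbs.mkdir(parents=True)
    (kbs / "ticket-attachment.pdf").write_bytes(b"constructed sample")
    if htaccess is not None:
        (kbs.parent / ".htaccess").write_text(htaccess)
    return root

if __name__ == "__main__":
    for label, ht in [("no .htaccess", None),
                      ("commented-out rule", "# Deny from all\n"),
                      ("deny rule", "Require all denied\n")]:
        with tempfile.TemporaryDirectory() as tmp:
            r = audit_kbs_uploads(build_sample(tmp, ht))
            print(f"{label:20} {r} attention={needs_attention(r)}")
```

On a live site, pass the real WordPress root to `audit_kbs_uploads` and confirm separately that the server configuration actually applies .htaccess rules to the uploads directory.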
