JS Help Desk WordPress Plugin Insecure Direct Object Reference Vulnerability

A vulnerability allowing Insecure Direct Object Reference has been identified in the JS Help Desk – The Ultimate Help Desk & Support Plugin for WordPress, affecting all versions through 2.8.8. The issue arises in the GDPR module, specifically within the 'exportusereraserequest' function, where user-controlled keys are not properly validated. This flaw enables authenticated attackers with Subscriber-level permissions or higher to export ticket data for any user.

Impact

Exploitation of this vulnerability allows for unauthorized access to user ticket data, potentially leading to privacy violations and misuse of sensitive information.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level permissions or higher can send a request to the 'exportusereraserequest' endpoint. The request must include a user-controlled key that lacks proper validation. This can be done by manipulating the request parameters to export ticket data for any user, not just the authenticated user.

Remediation

Users are advised to update the JS Help Desk WordPress plugin to version 2.8.9 or later, where this vulnerability has been patched.