Support Board WordPress Plugin Unauthenticated Authorization Bypass Vulnerability

Vulnerability

A vulnerability exists in the Support Board plugin for WordPress, all versions through 3.8.0, allowing unauthorized access, modification, or deletion of data. This issue arises from hardcoded default secrets in the sb_encryption() function, which enable unauthenticated attackers to bypass authorization and execute arbitrary AJAX actions defined in the sb_ajax_execute() function. Exploitation of this vulnerability could also facilitate the exploitation of CVE-2025-4828 and other unauthenticated functions.

Impact

Exploitation of this vulnerability allows for unauthorized access and manipulation of data within the WordPress site, including the potential to exploit other vulnerabilities such as CVE-2025-4828.

Remediation

Users are advised to update the Support Board WordPress plugin to version 3.8.1 or a newer patched version.
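
A check for the remediation above, as an added example that is not part of the original advisory or the plugin's code: it reads the WordPress plugin headers under a plugins directory and flags Support Board installs below 3.8.1. The "Plugin Name:" text and the one-directory-per-plugin layout are assumptions; versions that cannot be parsed are flagged for manual review.

```python
"""Flag Support Board installs older than the patched release (3.8.1)."""
import re
import sys
from pathlib import Path

FIXED = (3, 8, 1)              # first patched version, per the advisory
PLUGIN_NAME = "support board"  # assumption: text of the "Plugin Name:" header
# WordPress reads plugin metadata from comment headers near the top of the main PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.*?)[ \t]*$", re.I | re.M)


def read_headers(php_text):
    """Return {'plugin name': ..., 'version': ...} found in the first 8 KiB."""
    return {k.lower(): v.strip() for k, v in HEADER.findall(php_text[:8192])}


def parse_version(text):
    """'3.8' -> (3, 8, 0); returns None when no numeric version is present."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version_text):
    """True for anything below 3.8.1; unknown versions are flagged for review."""
    parsed = parse_version(version_text)
    return parsed is None or parsed < FIXED


def scan(plugins_dir):
    """Return (main_file, version, vulnerable) for each Support Board install found."""
    results = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        headers = read_headers(php.read_text(encoding="utf-8", errors="replace"))
        if PLUGIN_NAME in headers.get("plugin name", "").lower():
            version = headers.get("version", "")
            results.append((str(php), version, is_vulnerable(version)))
    return results


if __name__ == "__main__":
    # Usage: python check_support_board.py <path to wp-content/plugins>
    found = scan(sys.argv[1])
    for path, version, vulnerable in found:
        print(f"{'VULNERABLE' if vulnerable else 'ok':10} {version or '?':8} {path}")
    sys.exit(1 if any(v for _, _, v in found) else 0)
```

The comparison is numeric per component, so 3.10.0 is correctly treated as newer than 3.8.1; the exit status is non-zero when any flagged install is found.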

Added: Jul 9, 2025, 1:57 AM
Updated: Jul 9, 2025, 1:57 AM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 5.0
exploitability: 7.6
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.