Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Support Ticket Access via Session Cookie Forgery
Vulnerability Description
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress WP Support Plus Responsive Ticket System 授权问题漏洞
Vulnerability Description
WordPress WP Support Plus Responsive Ticket System是WordPress基金会的一款适用于 WordPress 的一体化前端文章提交、用户注册、个人资料构建器、会员和用户目录插件。 WordPress WP Support Plus Responsive Ticket System 9.1.2及之前版本存在授权问题漏洞,该漏洞源于未对访客会话cookie进行签名或验证,导致未经身份验证的攻击者可以伪造cookie并冒充任意票据所有者读取、回复和关闭支持票据。
CVSS Information
N/A
Vulnerability Type
N/A