The Ruby Help Desk WordPress plugin prior to 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an malicious user to close and/or add files and replies to tickets other than their own.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wpruby ruby help desk |