CVE-2024-13600

HIGH 7.5

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/majesticsupportdata directory which can contain file attachments included in support tickets.

CWE	CWE-200
Vendor	ahmadmj
Product	majestic support – the leading-edge help desk & customer support plugin
Published	Feb 12, 2025
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for ahmadmj majestic support – the leading-edge help desk & customer support plugin

Be the first to know when new high vulnerabilities affecting ahmadmj majestic support – the leading-edge help desk & customer support plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

ahmadmj / Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin

0 ≤ 1.0.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/c5a8fd90-49dd-4a5e-88f2-cd6b338da2d6?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.0.5/includes/classes/uploads.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3231938/

Credits

Tim Coen