CVE-2024-13601 is an authorization bypass vulnerability categorized under CWE-639 (Authorization Bypass Through User-Controlled Key) affecting the Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin for WordPress. The vulnerability arises from the 'exportusereraserequest' function, which fails to properly validate a user-controlled key parameter. This lack of validation allows authenticated users with minimal privileges (Subscriber-level or above) to bypass authorization controls and export ticket data belonging to other users. The vulnerability is an instance of Insecure Direct Object Reference (IDOR), where direct access to sensitive data is possible without proper permission checks. The flaw affects all plugin versions up to and including 1.0.5. The CVSS 3.1 base score is 4.3, reflecting a medium severity level, with attack vector being network-based, low attack complexity, requiring privileges but no user interaction, and impacting confidentiality only. No patches or fixes have been linked yet, and no known exploits have been reported in the wild. The vulnerability could be leveraged by attackers to access sensitive customer support ticket data, potentially exposing personal or confidential information. Given the plugin’s role in help desk and customer support functions, unauthorized data access could lead to privacy violations and reputational damage for affected organizations.

The primary impact of this vulnerability is unauthorized disclosure of sensitive ticket data within the Majestic Support plugin. Attackers with subscriber-level access can export ticket information belonging to other users, potentially exposing personal data, support case details, or confidential business information. This breach of confidentiality could lead to privacy violations, regulatory non-compliance (e.g., GDPR), and loss of customer trust. Although the vulnerability does not affect data integrity or availability, the exposure of sensitive support data can be leveraged for social engineering, phishing, or further targeted attacks. Organizations relying on this plugin for customer support risk reputational damage and potential legal consequences if sensitive information is leaked. The ease of exploitation (low complexity, network accessible, no user interaction) increases the likelihood of exploitation in environments where the plugin is deployed and user accounts exist. The scope is limited to organizations using this specific WordPress plugin, but given WordPress’s widespread use, the affected population could be significant.

1. Immediate mitigation involves restricting Subscriber-level users’ access to the plugin’s export functionality until a patch is available. 2. Implement custom access controls or filters in WordPress to validate user permissions before allowing export operations. 3. Monitor logs for unusual export requests or access patterns indicative of exploitation attempts. 4. If possible, disable the 'exportusereraserequest' function or the plugin temporarily in environments where sensitive data exposure risk is unacceptable. 5. Follow the plugin vendor’s updates closely and apply patches promptly once released. 6. Conduct a thorough audit of user roles and permissions to ensure minimal privilege principles are enforced. 7. Educate users about the risks of sharing credentials and enforce strong authentication mechanisms to reduce risk of compromised accounts. 8. Consider implementing Web Application Firewalls (WAF) with rules to detect and block suspicious requests targeting the vulnerable function. 9. Review and enhance data encryption and anonymization practices for sensitive ticket data to reduce impact if unauthorized access occurs.