Zendesk Support for WordPress by Zendesk

Zendesk Support for WordPress by Zendesk <= 1.8.4 - Convert comment to a ticket via CSRF

LANACOMMONVDB ID: c9669288-4365-413c-be0d-b403ffcf16be

The plugin does not have Cross-Site Request Forgery (CSRF) check when convert comment to a Zendesk ticket, which could allow attackers to make logged in admins create a Zendesk ticket from an arbitrary comment given they know the comment id.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/zendesk/

CVE: CVE-2023-23716

Attributes

Catgory: WordPress Plugin

Discovered: 2023-01-06

Published: 2023-04-18

Affected Version: <= 1.8.4

Classification

Type: Cross-Site Request Forgery (CSRF)

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).