Security Issue – Missing Authorization to Authenticated (Subscriber+) Multiple A
-
KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 – Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kb-support/kb-support-wordpress-help-desk-and-knowledge-base-166-missing-authorization-to-authenticated-subscriber-multiple-administrator-actions
Hello, are you addressing this issue reported by WordFence?
Additionally, there is a problem in your latest version 1.7.0. where output is starting inform-functions.phpon line 1 of the KB Support plugin. This early output prevents other parts of WordPress and plugins from modifying headers or starting sessions correctly.PHP Warning: Cannot modify header information - headers already sent by (output started at /path/to/kb-support/includes/forms/form-functions.php:1) in /path/to/IXR-server.php on line 144
This causes heavy interventions with other plugins not working properly, resolve the whitespace issue.
Both problems are quite serious and require your urgent attention.
- You must be logged in to reply to this topic.
