Skip to main content

Majestic Support CVE-2026-57646

| EUVDEUVD-2026-39761 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-26 audit@patchstack.com GHSA-5qpv-3mxm-5v8r
5.4
CVSS 3.1 · Vendor: patchstack
Share

Severity by source

Vendor (patchstack) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

Network-reachable plugin endpoint, no complexity beyond holding a subscriber account (PR:L), with read/write limited to plugin-managed objects only; no availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (patchstack).

CVSS VectorVendor: patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 26, 2026 - 16:11 vuln.today

DescriptionCVE.org

Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.

AnalysisAI

Insecure Direct Object Reference (IDOR) in the Majestic Support WordPress plugin (versions up to and including 1.1.7) allows any authenticated subscriber-level user to access or modify support objects belonging to other users by manipulating user-controlled resource identifiers. Reported by Patchstack's audit team and tracked as EUVD-2026-39761, the flaw carries a CVSS 5.4 Medium rating with both confidentiality and integrity impact confirmed. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Register or compromise subscriber account
Delivery
Authenticate to WordPress site
Exploit
Submit support ticket to identify object ID format
Execution
Enumerate adjacent ticket IDs in plugin endpoint requests
Persist
Bypass per-object authorization check
Impact
Read or modify other users' support ticket data

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid WordPress account with at minimum subscriber role - the CVSS vector PR:L confirms authenticated low-privilege access is a prerequisite. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 5.4 Medium score reflects a network-accessible, low-complexity flaw requiring only subscriber-level authentication (PR:L), with limited confidentiality (C:L) and integrity (C:L) impact and no availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker self-registers a subscriber account on a WordPress site running Majestic Support 1.1.7, then submits a support ticket to identify the format of ticket IDs. The attacker then iterates through adjacent ticket IDs in HTTP requests to the plugin's ticket-viewing or update endpoint, retrieving the support conversation contents - including potentially sensitive user data, contact details, or business information - of other customers. …
Remediation No vendor-released patched version is independently confirmed from the available data - the EUVD record does not list a fixed release. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57646 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy