Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Network-reachable plugin endpoint, no complexity beyond holding a subscriber account (PR:L), with read/write limited to plugin-managed objects only; no availability impact.
Primary rating from Vendor (patchstack).
CVSS VectorVendor: patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
AnalysisAI
Insecure Direct Object Reference (IDOR) in the Majestic Support WordPress plugin (versions up to and including 1.1.7) allows any authenticated subscriber-level user to access or modify support objects belonging to other users by manipulating user-controlled resource identifiers. Reported by Patchstack's audit team and tracked as EUVD-2026-39761, the flaw carries a CVSS 5.4 Medium rating with both confidentiality and integrity impact confirmed. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid WordPress account with at minimum subscriber role - the CVSS vector PR:L confirms authenticated low-privilege access is a prerequisite. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 5.4 Medium score reflects a network-accessible, low-complexity flaw requiring only subscriber-level authentication (PR:L), with limited confidentiality (C:L) and integrity (C:L) impact and no availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker self-registers a subscriber account on a WordPress site running Majestic Support 1.1.7, then submits a support ticket to identify the format of ticket IDs. The attacker then iterates through adjacent ticket IDs in HTTP requests to the plugin's ticket-viewing or update endpoint, retrieving the support conversation contents - including potentially sensitive user data, contact details, or business information - of other customers. … |
| Remediation | No vendor-released patched version is independently confirmed from the available data - the EUVD record does not list a fixed release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39761
GHSA-5qpv-3mxm-5v8r