Skip to main content

Agentic Help Desk Plugin For Wordpress Live Chat Ai Chatbot Ticketing Thrivedesk

1 CVEs product

Monthly

CVE-2026-1832 MEDIUM This Month

Unauthorized cache deletion in the ThriveDesk WordPress plugin (all versions through 2.1.7) is possible by any authenticated user holding a Subscriber-level role or above, due to a missing capability check on the `thrivedesk_clear_cache` AJAX action. The root cause is a CWE-862 Missing Authorization flaw in `includes/helper.php` - any logged-in user can invoke the privileged cache-clearing function without role validation. No public exploit has been identified at time of analysis and no CISA KEV listing exists; real-world impact is bounded to cache disruption and potential performance degradation rather than data loss or code execution.

Authentication Bypass WordPress Agentic Help Desk Plugin For Wordpress Live Chat Ai Chatbot Ticketing Thrivedesk
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM This Month

Unauthorized cache deletion in the ThriveDesk WordPress plugin (all versions through 2.1.7) is possible by any authenticated user holding a Subscriber-level role or above, due to a missing capability check on the `thrivedesk_clear_cache` AJAX action. The root cause is a CWE-862 Missing Authorization flaw in `includes/helper.php` - any logged-in user can invoke the privileged cache-clearing function without role validation. No public exploit has been identified at time of analysis and no CISA KEV listing exists; real-world impact is bounded to cache disruption and potential performance degradation rather than data loss or code execution.

Authentication Bypass WordPress Agentic Help Desk Plugin For Wordpress Live Chat Ai Chatbot Ticketing Thrivedesk
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy