Majestic Support The Leading Edge Help Desk Customer Support Plugin
Monthly
SQL injection in the Majestic Support WordPress help desk plugin (versions up to and including 1.1.9) allows any authenticated WordPress user to extract sensitive data from the site's database by appending arbitrary SQL to queries via the unsanitized 'val' AJAX parameter. Although the description characterizes attackers as 'unauthenticated,' exploitation in practice requires a Subscriber-level account to obtain a 'get-smart-reply' nonce - a low but real barrier accurately reflected in the CVSS PR:L rating. No public exploit code or CISA KEV listing has been identified at time of analysis, but the trivial nonce-acquisition path (create a ticket, visit the result page) means any user permitted to submit support requests can exploit this on unpatched deployments. Version 1.2.0 appears to resolve the issue based on source code changes in the referenced repository tags.
SQL injection in the Majestic Support WordPress help desk plugin (versions up to and including 1.1.9) allows any authenticated WordPress user to extract sensitive data from the site's database by appending arbitrary SQL to queries via the unsanitized 'val' AJAX parameter. Although the description characterizes attackers as 'unauthenticated,' exploitation in practice requires a Subscriber-level account to obtain a 'get-smart-reply' nonce - a low but real barrier accurately reflected in the CVSS PR:L rating. No public exploit code or CISA KEV listing has been identified at time of analysis, but the trivial nonce-acquisition path (create a ticket, visit the result page) means any user permitted to submit support requests can exploit this on unpatched deployments. Version 1.2.0 appears to resolve the issue based on source code changes in the referenced repository tags.