Support Ticket Management System
Monthly
Privilege escalation in the Support Ticket Management System WordPress plugin (versions 1.9 and earlier) by Theme Passion allows remote unauthenticated attackers to elevate privileges on affected WordPress sites. With a CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) and no public exploit identified at time of analysis, the flaw maps to CWE-266 (Incorrect Privilege Assignment) and is tracked in the Patchstack database. Successful exploitation likely yields administrator-level access to the WordPress instance, enabling full site takeover.
Privilege escalation in the Support Ticket Management System WordPress plugin (versions 1.9 and earlier) by Theme Passion allows remote unauthenticated attackers to elevate privileges on affected WordPress sites. With a CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) and no public exploit identified at time of analysis, the flaw maps to CWE-266 (Incorrect Privilege Assignment) and is tracked in the Patchstack database. Successful exploitation likely yields administrator-level access to the WordPress instance, enabling full site takeover.