Report
The Ruby Help Desk plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the process_ticket_reply function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to update arbitrary tickets in the system.
Score:4.3
Severity:Medium
Version:< 1.3.4
There is a patch available in v1.3.4 and we strongly recommend you update to this version as soon as possible.
