Security Issue – Missing Authorization to Authenticated (Subscriber+) Multiple A

KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 – Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kb-support/kb-support-wordpress-help-desk-and-knowledge-base-166-missing-authorization-to-authenticated-subscriber-multiple-administrator-actions


Hello, are you addressing this issue reported by WordFence?

Additionally, there is a problem in your latest version 1.7.0. where output is starting in form-functions.php on line 1 of the KB Support plugin. This early output prevents other parts of WordPress and plugins from modifying headers or starting sessions correctly.

PHP Warning: Cannot modify header information - headers already sent by (output started at /path/to/kb-support/includes/forms/form-functions.php:1) in /path/to/IXR-server.php on line 144

This causes heavy interventions with other plugins not working properly, resolve the whitespace issue.




Both problems are quite serious and require your urgent attention.

• This topic was modified 1 year, 7 months ago by countermind91.
• This topic was modified 1 year, 7 months ago by countermind91.