The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedesk_clear_cache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's cache.
Metrics
Affected Vendors & Products
References
History
Mon, 13 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Thrivedesk
Thrivedesk agentic Help Desk Plugin For Wordpress – Live Chat, Ai Chatbot & Ticketing – Thrivedesk Wordpress Wordpress wordpress |
|
| Vendors & Products |
Thrivedesk
Thrivedesk agentic Help Desk Plugin For Wordpress – Live Chat, Ai Chatbot & Ticketing – Thrivedesk Wordpress Wordpress wordpress |
Sat, 11 Jul 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedesk_clear_cache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's cache. | |
| Title | ThriveDesk <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Cache Deletion | |
| Weaknesses | CWE-862 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published: 2026-07-11T03:44:25.835Z
Updated: 2026-07-13T14:18:51.341Z
Reserved: 2026-02-03T14:48:59.230Z
Link: CVE-2026-1832
Updated: 2026-07-13T14:18:46.678Z
No data.
No data.