MEDIUM
thrivedesk
CVE published 2026-07-11
CVE-2026-1832
The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress has a vulnerability allowing unauthorized cache deletion due to a missing capability check on the 'thrivedesk_clear_cache' AJAX action in all versions up to, and including, 2.1.7. Authenticated attackers with Subscriber-level access and above can clear the plugin's cache. This issue has a CVSS score of 4.3 and is classi [truncated]