Joomsky Js Help Desk vulnerabilities

16 known vulnerabilities affecting joomsky/js_help_desk.

Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 7, MEDIUM 4

Vulnerabilities

CVE-2025-30886 | P2 | CRITICAL | CVSS 10.0 | fixed in 2.9.3 | ≤ 2.9.2 | 2025-04-01
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows SQL Injection. This issue affects JS Help Desk: from n/a through <= 2.9.2.
nvd
CVE-2026-32534 | P3 | HIGH | CVSS 8.5 | ≥ n/a, ≤ 3.0.3 | 2026-03-25
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection. This issue affects JS Help Desk: from n/a through <= 3.0.3.
nvd
CVE-2026-24959 | P3 | HIGH | CVSS 8.5 | ≤ 3.0.1 | 2026-02-20
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection. This issue affects JS Help Desk: from n/a through <= 3.0.1.
nvd
CVE-2025-30878 | P3 | CRITICAL | CVSS 9.1 | fixed in 2.9.3 | ≤ 2.9.2 | 2025-04-01
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal. This issue affects JS Help Desk: from n/a through <= 2.9.2.
nvd
CVE-2022-47151 | P3 | HIGH | CVSS 8.6 | fixed in 2.7.2 | 2024-04-17
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
nvd
CVE-2024-43274 | P3 | CRITICAL | CVSS 9.8 | fixed in 2.8.7 | 2024-11-01
CWE-862: Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6.
nvd
CVE-2023-25444 | P3 | CRITICAL | CVSS 9.1 | fixed in 2.7.8 | 2024-05-17
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7.
nvd
CVE-2022-46838 | P3 | CRITICAL | CVSS 9.1 | fixed in 2.7.2 | 2024-12-13
CWE-862: Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
nvd
CVE-2025-30882 | P3 | HIGH | CVSS 7.5 | fixed in 2.9.2 | ≤ 2.9.1 | 2025-04-01
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal. This issue affects JS Help Desk: from n/a through <= 2.9.1.
nvd
CVE-2025-30901 | P3 | HIGH | CVSS 8.1 | fixed in 2.9.3 | ≤ 2.9.2 | 2025-04-01
CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through <= 2.9.2.
nvd
CVE-2025-30880 | P3 | HIGH | CVSS 7.5 | fixed in 2.9.3 | ≤ 2.9.2 | 2025-04-01
CWE-862: Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through <= 2.9.2.
nvd
CVE-2026-32535 | P3 | MEDIUM | CVSS 6.5 | ≥ n/a, ≤ 3.0.3 | 2026-03-25
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through <= 3.0.3.
nvd
CVE-2018-21002 | P4 | HIGH | CVSS 8.8 | fixed in 2.0.6 | 2019-08-27
CWE-352: The js-support-ticket plugin before 2.0.6 for WordPress has CSRF.
nvd
CVE-2026-57652 | P4 | MEDIUM | CVSS 5.3 | ≥ n/a, ≤ 3.1.0 | 2026-06-26
CWE-639: Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
nvd
CVE-2022-46840 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.7.2 | 2024-12-13
CWE-862: Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
nvd
CVE-2024-51670 | P4 | MEDIUM | CVSS 4.8 | fixed in 2.8.8 | ≤ 2.8.7 | 2024-11-09
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Help Desk js-support-ticket allows Stored XSS. This issue affects JS Help Desk: from n/a through <= 2.8.7.
nvd