Rabilal Js Help Desk Ai-Powered Support Ticketing System vulnerabilities

5 known vulnerabilities affecting rabilal/js_help_desk_ai-powered_support_ticketing_system.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2023-50839 | P2 | CRITICAL | CVSS 9.8 | PoC | ≤ 2.8.2 | 2023-12-28
CVE-2023-50839 [CRITICAL] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1.
nvd
CVE-2026-2511 | P3 | HIGH | CVSS 7.5 | ≤ 3.0.4 | 2026-03-26
CVE-2026-2511 [HIGH] CWE-89: The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-supplied `multiformid` value being passed to `esc_sql()` without enclosing the result in quotes in the SQL query,
nvd
CVE-2024-43274 | P3 | CRITICAL | CVSS 9.8 | ≤ 2.8.6 | 2024-11-01
CVE-2024-43274 [CRITICAL] CWE-862: Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6.
nvd
CVE-2024-13606 | P3 | HIGH | CVSS 7.5 | ≤ 2.8.8 | 2025-02-13
CVE-2024-13606 [HIGH] CWE-200: The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/jssupportticketd
nvd
CVE-2024-13607 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.8.8 | 2025-02-04
CVE-2024-13607 [MEDIUM] CWE-639: The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and ab
nvd