Schiocco Support Board Chat And Help Desk vulnerabilities
2 known vulnerabilities affecting schiocco/support_board_chat_and_help_desk.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-24741P2CRITICALCVSS 9.8fixed in 3.3.42021-09-20
CVE-2021-24741 [CRITICAL] CWE-89 CVE-2021-24741: The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as st
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.
nvd
CVE-2018-18373P4MEDIUMCVSS 5.4v1.2.32018-10-17
CVE-2018-18373 [MEDIUM] CWE-79 CVE-2018-18373: In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulner
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action.
nvd