Wiselyhub Js Help Desk vulnerabilities
5 known vulnerabilities affecting wiselyhub/js_help_desk.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2
Vulnerabilities
Page 1 of 1
CVE-2023-50839P2CRITICALCVSS 9.8PoC≤ 2.8.12023-12-28
CVE-2023-50839 [CRITICAL] CWE-89 CVE-2023-50839: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1.
nvd
CVE-2022-46839P3CRITICALCVSS 9.8≤ 2.7.12024-01-05
CVE-2022-46839 [CRITICAL] CWE-434 CVE-2022-46839: Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best He
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
nvd
CVE-2024-31273P3CRITICALCVSS 9.8fixed in 2.8.42024-06-09
CVE-2024-31273 [CRITICAL] CWE-862 CVE-2024-31273: Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.T
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.3.
nvd
CVE-2024-13606P3HIGHCVSS 7.5fixed in 2.8.92025-02-13
CVE-2024-13606 [HIGH] CWE-200 CVE-2024-13606: The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sen
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/jssupportticketd
nvd
CVE-2022-46842P4HIGHCVSS 8.8fixed in 2.7.22023-02-02
CVE-2022-46842 [HIGH] CWE-352 CVE-2022-46842: Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.
nvd