Lucene search
K

1163 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.10 views

CVE-2018-19947

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later...

6.5CVSS6.6AI score0.00755EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.6 views

CVE-2025-13657

The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the handlequeryargs function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.2AI score0.00128EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.3 views

CVE-2025-13657

The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the handlequeryargs function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00128EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 6:35 a.m.11 views

CVE-2025-13657

CVE-2025-13657 affects the WordPress plugin “HelpDesk Contact Form” (versions

4.3CVSS4.9AI score0.00128EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 6:35 a.m.31 views

CVE-2025-13657 HelpDesk contact form plugin <= 1.1.5 - Cross-Site Request Forgery to Settings Update via handle_query_args

The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the handlequeryargs function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00128EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

WordPress plugin HelpDesk contact form 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin HelpDesk contact form 1.1.5 and earlie...

4.3CVSS6.3AI score0.00128EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1564

Name of the Vulnerable Software and Affected Versions HelpDesk contact form plugin for WordPress versions prior to 1.1.6 Description The HelpDesk contact form plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is a result of inadequate or absent nonce validation within t...

4.3CVSS6.2AI score0.00128EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/06 9:47 p.m.7 views

WordPress HelpDesk contact form plugin plugin <= 1.1.5 - Cross-Site Request Forgery to Settings Update via handle_query_args vulnerability

Cross-Site Request Forgery to Settings Update via handlequeryargs vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin HelpDesk contact form versions = 1.1.5...

4.3CVSS6.8AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore vulnerability

Missing Authorization to Authenticated Subscriber+ Ticket Restore vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty vulnerability

Missing Authorization to Authenticated Subscriber+ Trash Empty vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore vulnerability

Missing Authorization to Authenticated Subscriber+ Trash Restore vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/22 3:23 a.m.3 views

CVE-2025-9343

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS5.2AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/21 6:31 a.m.4 views

EUVD-2025-204662

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS4.8AI score0.00194EPSS
Exploits0References3
NVD
NVD
added 2025/12/21 4:16 a.m.7 views

CVE-2025-9343

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/21 3:20 a.m.3 views

CVE-2025-9343 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS4.8AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2025/12/21 3:20 a.m.18 views

CVE-2025-9343

CVE-2025-9343 : Stored XSS in the ELEX WordPress HelpDesk & Customer Ticketing System plugin (

7.2CVSS4.9AI score0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/21 3:20 a.m.18 views

CVE-2025-9343 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/21 12:0 a.m.3 views

WordPress plugin ELEX WordPress HelpDesk & Customer Ticketing System 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an...

7.2CVSS5.7AI score0.00194EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.5 views

WordPress plugin HAPPY – Helpdesk Support Ticket System 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin...

5.3CVSS6AI score0.00218EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.4 views

CVE-2025-10655

SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...

8.6CVSS8AI score0.00468EPSS
Exploits1References1
Rows per page
Query Builder