1163 matches found
CVE-2018-19947
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later...
CVE-2025-13657
The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the handlequeryargs function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-13657
The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the handlequeryargs function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-13657
CVE-2025-13657 affects the WordPress plugin “HelpDesk Contact Form” (versions
CVE-2025-13657 HelpDesk contact form plugin <= 1.1.5 - Cross-Site Request Forgery to Settings Update via handle_query_args
The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the handlequeryargs function. This makes it possible for unauthenticated attackers to update the plugin's...
WordPress plugin HelpDesk contact form 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin HelpDesk contact form 1.1.5 and earlie...
PT-2026-1564
Name of the Vulnerable Software and Affected Versions HelpDesk contact form plugin for WordPress versions prior to 1.1.6 Description The HelpDesk contact form plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is a result of inadequate or absent nonce validation within t...
WordPress HelpDesk contact form plugin plugin <= 1.1.5 - Cross-Site Request Forgery to Settings Update via handle_query_args vulnerability
Cross-Site Request Forgery to Settings Update via handlequeryargs vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin HelpDesk contact form versions = 1.1.5...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore vulnerability
Missing Authorization to Authenticated Subscriber+ Ticket Restore vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty vulnerability
Missing Authorization to Authenticated Subscriber+ Trash Empty vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore vulnerability
Missing Authorization to Authenticated Subscriber+ Trash Restore vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...
CVE-2025-9343
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
EUVD-2025-204662
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
CVE-2025-9343
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
CVE-2025-9343 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
CVE-2025-9343
CVE-2025-9343 : Stored XSS in the ELEX WordPress HelpDesk & Customer Ticketing System plugin (
CVE-2025-9343 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
WordPress plugin ELEX WordPress HelpDesk & Customer Ticketing System 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an...
WordPress plugin HAPPY – Helpdesk Support Ticket System 安全漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin...
CVE-2025-10655
SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...