JS Help Desk <= 2.8.1 - SQL Injection

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

CVE-2026-48886

Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...

CVE-2026-48887

Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...

CVE-2026-2511 JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to escsql without...

EUVD-2026-15909

Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through = 3.0.3...

CVE-2026-32534

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.3...

CVE-2026-32534 WordPress JS Help Desk plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.3...

CVE-2026-32535

Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through = 3.0.3...

CVE-2026-32535

The provided Connected documents confirm CVE-2026-32535 affects the WordPress JS Help Desk plugin (versions ≤ 3.0.3). The vulnerability is an Insecure Direct Object References (IDOR) leading to an Authorization Bypass through a User-Controlled Key, caused by misconfigured access control security ...

EUVD-2023-60537

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied...

CVE-2023-7337

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied...

CVE-2023-7337 JS Help Desk – AI-Powered Support & Ticketing System 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied...

CVE-2023-7337

The JS Help Desk – AI-Powered Support & Ticketing System WordPress plugin (v2.8.2) is vulnerable to SQL Injection via the js-support-ticket-token-tkstatus cookie. This stems from an incomplete fix for CVE-2023-50839, leaving a second sink with insufficient escaping and inadequate preparation on t...

CVE-2026-24959

CVE-2026-24959 is a SQL Injection in WordPress plugin JS Help Desk (js-support-ticket) , with root cause described as improper neutralization of special elements in SQL queries. Affected software: JS Help Desk versions up to and including 3.0.1. Public sources (Patchstack, Red Hat, CIRCL/CVE feed...

CVE-2023-25444

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7...

EUVD-2024-51689

Malicious code in bioql PyPI...

EUVD-2022-49623

Malicious code in bioql PyPI...

EUVD-2023-27766

Malicious code in bioql PyPI...

EUVD-2022-49926

Malicious code in bioql PyPI...