38 matches found
CVE-2026-57652
Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...
EUVD-2026-39767
Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...
CVE-2026-56054
CVE-2026-56054 affects the WordPress JS Help Desk plugin (versions <= 3.1.1). The vulnerability allows Arbitrary File Deletion within the plugin, with impact described as high (availability impact) and CVSS 3.1 base score 7.7. The advisory does not provide root cause specifics or remediation s...
EUVD-2026-39383
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
PT-2026-52435
Name of the Vulnerable Software and Affected Versions JS Help Desk versions prior to 3.1.2 Description Low-privileged subscribers can remotely delete critical files due to a path traversal issue. Path traversal is a flaw that allows an attacker to access or manipulate files outside the intended...
EUVD-2026-36861
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-48887 WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-48887
CVE-2026-48887 affects the WordPress JS Help Desk plugin ≤ 3.0.9 with an unauthenticated Broken Access Control flaw. Documents note unauthorized access control weakness but do not provide root cause details or a stated remediation; Patchstack is cited as the source. Exploitation status is not des...
CVE-2026-48886 WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
EUVD-2026-36860
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
CVE-2026-48886
The CVE-2026-48886 entry describes an unauthenticated SQL Injection in WordPress JS Help Desk plugin versions
PT-2026-49490
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
PT-2026-49491
Name of the Vulnerable Software and Affected Versions JS Help Desk versions prior to 3.0.10 Description Broken Access Control allows unauthenticated users to bypass security restrictions. Recommendations Update to version 3.0.10 or later...
CVE-2026-2511 JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to escsql without...
CVE-2026-32534 WordPress JS Help Desk plugin <= 3.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.3...
CVE-2026-32534
CVE-2026-32534 describes an SQL Injection issue in the WordPress plugin “JS Help Desk” (js-support-ticket). The connected documentation confirms an authenticated SQL injection vulnerability in this plugin, caused by improper neutralization of SQL elements, affecting versions up to and including 3...
WordPress JS Help Desk plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions = 3.0.3...
CVE-2026-24959
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
CVE-2026-24959 WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions = 3.0.1...