5 matches found
CVE-2026-2511
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to escsql without...
CVE-2026-2511
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to escsql without...
CVE-2026-2511
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to escsql without...
CVE-2026-2511
The CVE concerns the JS Help Desk – AI-Powered Support & Ticketing System WordPress plugin. Affected versions: all up to and including 3.0.4. Root cause: user-supplied multiformid is passed to esc_sql() without enclosing the result in quotes in the storeTickets() SQL query, making the escaping in...
PT-2026-28342
Name of the Vulnerable Software and Affected Versions JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress versions prior to 3.0.5 Description The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is susceptible to SQL Injection through the multiformid...