Lucene search
+L

36 matches found

CVE
CVE
added 2026/06/30 6:0 a.m.22 views

CVE-2026-11590

The WP Support Plus Responsive Ticket System WordPress plugin (≤ 9.1.2) is vulnerable because it does not sanitize user-supplied array keys before using them in a SQL statement, enabling unauthenticated SQL injection via filter[elements] array keys. Impact is unauthenticated access to manipulate ...

8.6CVSS5.8AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:0 a.m.7 views

EUVD-2026-40262

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...

8.8CVSS5.6AI score0.00276EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 6:0 a.m.8 views

CVE-2026-11589

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...

5.6AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/30 6:0 a.m.8 views

CVE-2026-11589 WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...

5.6AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-1160

Malware in sbrugna...

9.8CVSS9.5AI score0.02217EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-1159

Malware in sbrugna...

5.3CVSS5.5AI score0.01332EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-16843

Malware in sbrugna...

6.1CVSS6.3AI score0.01662EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-8529

Malicious code in bioql PyPI...

6.5CVSS9AI score0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 12:40 a.m.7 views

CVE-2014-10391

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...

6.1CVSS7.1AI score0.00913EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/29 11:33 p.m.11 views

CVE-2025-31092

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through = 2.3.4...

6.5CVSS7.2AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 12:15 a.m.14 views

CVE-2025-31092

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through = 2.3.4...

6.5CVSS0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/18 7:35 a.m.15 views

CVE-2024-10055 Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode

The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaiosnapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS6AI score0.00306EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/18 12:0 a.m.21 views

WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Click to Chat – WP Support All-in-One Floating Widget Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10055 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

6.4CVSS5.8AI score0.00306EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/10/17 8:15 p.m.15 views

CVE-2024-49281

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through =...

6.5CVSS0.00509EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.17 views

WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Click to Chat – WP Support All-in-One Floating Widget Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49281 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 953e712df67a Credits...

6.5CVSS6.5AI score0.00509EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/08/23 12:0 a.m.5 views

WordPress wp-support-plus-responsive-ticket-system plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-support-plus-responsive-ticket-system is a ticket system plugin used in it. A cross-site scripting vulnerability exists in WordPres...

6.1CVSS6.2AI score0.00913EPSS
Exploits0References1
NVD
NVD
added 2019/08/22 7:15 p.m.30 views

CVE-2014-10388

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure...

5.3CVSS5.4AI score0.01332EPSS
Exploits0References1
Prion
Prion
added 2019/08/22 7:15 p.m.20 views

Sql injection

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...

7.5CVSS8.4AI score0.01795EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/22 7:15 p.m.15 views

Design/Logic Flaw

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...

7.5CVSS7.1AI score0.02016EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/22 7:15 p.m.12 views

Design/Logic Flaw

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...

4.3CVSS7.7AI score0.00913EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder