36 matches found
CVE-2026-11590
The WP Support Plus Responsive Ticket System WordPress plugin (≤ 9.1.2) is vulnerable because it does not sanitize user-supplied array keys before using them in a SQL statement, enabling unauthenticated SQL injection via filter[elements] array keys. Impact is unauthenticated access to manipulate ...
EUVD-2026-40262
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...
CVE-2026-11589
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...
CVE-2026-11589 WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...
EUVD-2014-1160
Malware in sbrugna...
EUVD-2014-1159
Malware in sbrugna...
EUVD-2019-16843
Malware in sbrugna...
EUVD-2025-8529
Malicious code in bioql PyPI...
CVE-2014-10391
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...
CVE-2025-31092
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through = 2.3.4...
CVE-2025-31092
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through = 2.3.4...
CVE-2024-10055 Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode
The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaiosnapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...
WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Click to Chat – WP Support All-in-One Floating Widget Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10055 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...
CVE-2024-49281
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through =...
WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Click to Chat – WP Support All-in-One Floating Widget Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49281 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 953e712df67a Credits...
WordPress wp-support-plus-responsive-ticket-system plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-support-plus-responsive-ticket-system is a ticket system plugin used in it. A cross-site scripting vulnerability exists in WordPres...
CVE-2014-10388
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure...
Sql injection
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...
Design/Logic Flaw
The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...
Design/Logic Flaw
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...