CVE-2026-11589 WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...

CVE-2026-11590

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

EUVD-2026-40262

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...

EUVD-2014-1159

Malware in sbrugna...

EUVD-2019-16843

Malware in sbrugna...

EUVD-2014-1160

Malware in sbrugna...

CVE-2014-10391

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...

WordPress wp-support-plus-responsive-ticket-system plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-support-plus-responsive-ticket-system is a ticket system plugin used in it. A cross-site scripting vulnerability exists in WordPres...

CVE-2014-10388

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure...

Design/Logic Flaw

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...

Design/Logic Flaw

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...

Sql injection

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...

CVE-2019-15331

The CVE-2019-15331 entry concerns the WordPress plugin wp-support-plus-responsive-ticket-system, affected in all versions prior to 9.1.2. Multiple connected sources confirm a vulnerability described as HTML injection / stored cross-site scripting (XSS) in this plugin. The vulnerability stems from...

CVE-2016-10930

The CVE-2016-10930 entry concerns the WordPress plugin WP Support Plus Responsive Ticket System. Affected component: the wp-support-plus-responsive-ticket-system plugin for WordPress. Root cause: insecure direct object reference via a ticket number in the plugin prior to version 7.1.0. Impact: po...

CVE-2014-10387

The CVE-2014-10387 incident concerns the WordPress plugin WP Support Plus Responsive Ticket System (affected: before version 4.2). The vulnerability is an SQL injection in the plugin, exposing potential disclosure/modification of data and impact to availability, as indicated by CVSS metrics (UP t...

CVE-2014-10387

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...

CVE-2014-10388

CVE-2014-10388 affects the WordPress plugin wp-support-plus-responsive-ticket-system prior to version 4.2. Multiple connected sources (RH, NVD, CVE lists, WPVulnDB) consistently describe a full path disclosure vulnerability in this plugin, enabling disclosure of server file paths. Public details ...

CVE-2014-10388

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure...

CVE-2014-10391

The CVE-2014-10391 entry concerns the WordPress plugin WP Support Plus Responsive Ticket System, specifically versions prior to 4.1. The vulnerability is a JavaScript injection (XSS) flaw caused by insufficient validation of client-side data in the plugin. Impact is that an attacker could trigger...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the submitticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in...