12 matches found
CVE-2025-30886
CVE-2025-30886 is an unauthenticated SQL Injection affecting the WordPress plugin JS Help Desk (versions up to 2.9.2). The root cause is improper neutralization of input in an SQL command, leading to potential data disclosure/alteration. The issue is rated high/severe in public disclosures, and a...
CVE-2025-30880
CVE-2025-30880 : In the WordPress plugin "JS Help Desk – The Ultimate Help Desk & Support Plugin", a missing/incorrectly configured authorization issue is cited as a vulnerability. The CVSS 3.1 vector indicates an unauthenticated network attack with high impact on availability (base score 7.5, HI...
CVE-2025-30882
The CVE-2025-30882 entry concerns JS Help Desk for WordPress with an Unauthenticated Path Traversal that allows Arbitrary File Download in versions up to 2.9.1. The vulnerability has a high potential impact (CVSS v3.1: 7.5, Attack Vector Network, Privileges None, User Interaction None) with Confi...
CVE-2025-30901
CVE-2025-30901 affects WordPress JS Help Desk (JS Help Desk plugin) and is an unauthenticated Local File Inclusion via improper filename handling in PHP includes. The vulnerability affects JS Help Desk
CVE-2024-51670
CVE-2024-51670 – JS Help Desk WordPress Plugin : Affected plugin versions are
CVE-2023-25444
CVE-2023-25444 affects the WordPress plugin JS Help Desk – Best Help Desk & Support Plugin (versions
CVE-2018-21002
The CVE-2018-21002 entry affects the WordPress plugin js-support-ticket prior to version 2.0.6, which is vulnerable to Cross-Site Request Forgery (CSRF). The issue is caused by CSRF in the plugin’s handling of requests, enabling unintended state-changing actions on affected sites. NVD lists CVSS ...
CVE-2025-30878
CVE-2025-30878 affects the WordPress plugin JS Help Desk (
CVE-2022-47151
CVE-2022-47151 affects WordPress JS Help Desk – Best Help Desk & Support Plugin up to version 2.7.1. The vulnerability is an unauthenticated SQL Injection due to improper neutralization of SQL elements in the plugin, enabling potentially dangerous SQL execution without authentication. Impact is h...
CVE-2022-46838
CVE-2022-46838 affects the WordPress plugin JS Help Desk – Best Help Desk & Support Plugin, versions prior to 2.7.1. The issue is a Missing Authorization vulnerability due to an incorrectly configured access control security level, enabling unauthenticated users to perform settings changes. Impac...
CVE-2024-43274
The CVE-2024-43274 entry affects the WordPress plugin “JS Help Desk – Best Help Desk & Support Plugin” (versions up to 2.8.6). Root cause: missing authorization leads to Broken Access Control, allowing unauthenticated actors to access functionality not properly constrained by ACLs. Impact is desc...
CVE-2022-46840
CVE-2022-46840 affects WordPress plugin JS Help Desk – Best Help Desk & Support Plugin up to version 2.7.1. The issue is a Missing Authorization vulnerability (broken access control) due to incorrectly configured access control security levels. Root cause per Patchstack entry is missing authoriza...