Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in JS Help Desk – Best Help Desk & Support Plugin 2.7.7

  • Severity: medium-risk
  • Status: Open
  • Publication: June 20, 2023

The JS Help Desk Plugin for WordPress is vulnerable to unauthorized access, modification, and deletion of data. This vulnerability affects versions up to and including 2.7.7. Nonce checks are present in some functions, but there is no capability check for individual tickets. This means that attackers with subscriber-level permissions or higher can use the nonce to access and modify ticket data, as well as delete templates and images.

Detected in:

JS Help Desk – AI-Powered Help Desk & Support Plugin fixed vulnerable versions:
JS Help Desk – AI-Powered Support & Ticketing System fixed vulnerable versions:
JS Help Desk – The Ultimate Help Desk & Support Plugin fixed vulnerable versions:
JS Help Desk – Best Help Desk & Support Plugin open vulnerable versions: >= 0 <= 0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.