CVSS: 9.1EPSS: %CPEs: 1EXPL: 0CVE-2022-46838 – JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update
https://notcve.org/view.php?id=CVE-2022-46838
The JS Help Desk plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 2.7.1. This makes it possible for unauthenticated attackers to update the plugin's settings. • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-6007 – Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-6007
CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. Existe Cross-Site Request Forgery (CSRF) en el componente JS Support Ticket 1.1.0 para Joomla! y permite que los atacantes inyecten HTML o editen un ticket. Joomla! • https://www.exploit-db.com/exploits/43912 https://packetstormsecurity.com/files/146135/Joomla-JS-Support-Ticket-1.1.0-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF) •