CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46838 – WordPress JS Help Desk plugin <= 2.7.1 - Unauthenticated Settings Change Vulnerability
https://notcve.org/view.php?id=CVE-2022-46838
27 Jan 2023 — Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. The JS Help Desk plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 2.7.1. This makes it possible for unauthenticated attackers to update the plugin's ... • https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-7-1-unauthenticated-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-6007 – Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-6007
28 Jan 2018 — CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. Existe Cross-Site Request Forgery (CSRF) en el componente JS Support Ticket 1.1.0 para Joomla! y permite que los atacantes inyecten HTML o editen un ticket. Joomla! • https://packetstorm.news/files/id/146135 • CWE-352: Cross-Site Request Forgery (CSRF) •