
CVE-2025-30878 – WordPress JS Help Desk plugin <= 2.9.2 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-30878
27 Mar 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk allows Path Traversal. This issue affects JS Help Desk: from n/a through 2.9.2. The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, ... • https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-30880 – WordPress JS Help Desk plugin <= 2.9.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-30880
27 Mar 2025 — Missing Authorization vulnerability in JoomSky JS Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through 2.9.2. The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2025-30882 – WordPress JS Help Desk plugin <= 2.9.1 - Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2025-30882
27 Mar 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk allows Path Traversal. This issue affects JS Help Desk: from n/a through 2.9.1. The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-1-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-30886 – WordPress JS Help Desk plugin <= 2.9.2 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-30886
27 Mar 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2. The JS Help Desk plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL q... • https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-30901 – WordPress JS Help Desk plugin <= 2.9.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-30901
27 Mar 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2. The JS Help Desk plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.9.2. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. T... • https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-51670 – WordPress JS Help Desk plugin <= 2.8.7 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51670
01 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Stored XSS. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.7. The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it pos... • https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-8-7-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-31273 – WordPress JS Help Desk plugin <= 2.8.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31273
05 Apr 2024 — Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.3. The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to unauthorized a... • https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-8-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-25444 – WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-25444
17 Aug 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7. ... • https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-best-help-desk-support-plugin-plugin-2-7-7-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2022-46838 – WordPress JS Help Desk plugin <= 2.7.1 - Unauthenticated Settings Change Vulnerability
https://notcve.org/view.php?id=CVE-2022-46838
27 Jan 2023 — Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. The JS Help Desk plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 2.7.1. This makes it possible for unauthenticated attackers to update the plugin's ... • https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-7-1-unauthenticated-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2022-46840 – WordPress JS Help Desk plugin <= 2.7.1 - Broken Access Control
https://notcve.org/view.php?id=CVE-2022-46840
27 Jan 2023 — Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. The JS Help Desk plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber-level pe... • https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-7-1-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •