CVE-2023-25444
WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7.
Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en JS Help Desk JS Help Desk – Best Help Desk & Support Plugin permite el uso de archivos maliciosos. Este problema afecta a JS Help Desk – Best Help Desk & Support Plugin: desde n/a hasta 2.7.7.
The JS Help Desk plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 2.7.7. This makes it possible for administrators to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-02-06 CVE Reserved
- 2023-08-17 CVE Published
- 2024-05-17 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
- CAPEC-17: Using Malicious Files
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Js Support Ticket Search vendor "Js Support Ticket" | Js Support Ticket Search vendor "Js Support Ticket" for product "Js Support Ticket" | >= 0.0.0 <= 2.7.7 Search vendor "Js Support Ticket" for product "Js Support Ticket" and version " >= 0.0.0 <= 2.7.7" | en |
Affected
| ||||||