CVE-2024-13606

High CVSS: 7.5

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/jssupportticketdata directory which can contain file attachments included in support tickets.

Vendor

Wiselyhub

Product

Js Help Desk

CWE

CWE-200

Yayın Tarihi

2025-02-13 10:15:09

Güncelleme

2025-02-18 18:46:05

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-200 Js Help Desk HIGH Wiselyhub 2025

Referanslar

https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.8/includes/classes/uploads.php https://www.wordfence.com/threat-intel/vulnerabilities/id/e8ed5d5d-86b0-40ac-a093-31392dea13a2?source=cve

Benzer Kayıtlar

Unknown

CVE-2025-30882

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-…

Critical

CVE-2025-30886

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help De…

Unknown

CVE-2025-30901

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in…

Critical

CVE-2025-30878

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-…

Unknown

CVE-2025-30880

Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured A…