Threat Entry Updated 2025-05-26

CVE-2024-13568 - Fluent Support Plugin

The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets.

PLUGIN Fluent Support

CVE-2024-13568

HIGH CVSS 7.5 2025-03-01

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2023-51547 - Fluent Support Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6.

PLUGIN Fluent Support

CVE-2023-51547

HIGH CVSS 7.6 2023-12-31

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-2559 - Fluent Support Plugin

The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users

PLUGIN Fluent Support

CVE-2022-2559

HIGH CVSS 7.2 2022-08-29

Risk Score

Open Full Technical Breakdown