Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 4
Critical: 1
High: 2
Medium: 1

Showing 1-4 of 4 records

Threat Entry Updated 2026-03-30

CVE-2026-2511 - Js Support Ticket Plugin

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-supplied `multiformid` value being passed to `esc_sql()` without enclosing the result in quotes in the SQL query, rendering the escaping ineffective against payloads that do not contain quote characters. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract…

PLUGIN Js Support Ticket

CVE-2026-2511

HIGH CVSS 7.5 2026-03-26

Threat Entry Updated 2025-02-18

CVE-2024-13606 - Js Support Ticket Plugin

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/jssupportticketdata directory which can contain file attachments included in support tickets.

PLUGIN Js Support Ticket

CVE-2024-13606

HIGH CVSS 7.5 2025-02-13

Threat Entry Updated 2025-02-04

CVE-2024-13607 - Js Support Ticket Plugin

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.

PLUGIN Js Support Ticket

CVE-2024-13607

MEDIUM CVSS 4.3 2025-02-04

Threat Entry Updated 2024-08-13

CVE-2024-7094 - Js Support Ticket Plugin

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully…

PLUGIN Js Support Ticket

CVE-2024-7094

CRITICAL CVSS 9.8 2024-08-13