MidnightBSD

Advisories for wiselyhub

CVE-2022-46839

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
wiselyhub js_help_desk *
CVE-2022-46842

Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.

Products Affected

Vendor Product Version
wiselyhub js_help_desk *
CVE-2023-50839

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
audit@patchstack.com 9.3 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L 3.9 4.7

Products Affected

Vendor Product Version
wiselyhub js_help_desk *
CVE-2024-13606

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/jssupportticketdata directory which can contain file attachments included in support tickets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@wordfence.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
wiselyhub js_help_desk *
CVE-2024-31273

Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
wiselyhub js_help_desk *