Unrestricted Upload of Malicious Files Vulnerability Affects JS Help Desk - Best Help Desk & Support Plugin
CVE-2023-25444

9.1CRITICAL

Key Information:

Vendor: WordPress
Status: Js Help Desk – Best Help Desk & Support Plugin
Vendor: CVE Published:; 17 May 2024

Summary

The vulnerability in the JS Help Desk – Best Help Desk & Support Plugin exists due to unrestricted file uploads, which enables attackers to upload dangerous files. This exploit can lead to malicious scripts being executed on the server, exposing websites to unauthorized access and potential data breaches. The affected versions include any release prior to 2.7.7, making it crucial for users to patch their installations to secure their systems against this threat.

Affected Version(s)

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7

References

https://patchstack.com/database/vulnerability/js-support-...

vdb-entry

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Feb 6, 2023

Credit

Abdi Pranata (Patchstack Alliance)