WordPress JS Help Desk – Best Help Desk & Support Plugin <= 2.8.1 is vulnerable to SQL Injection
CVE-2023-50839

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Js Help Desk – Best Help Desk & Support Plugin
Vendor: CVE Published:; 28 December 2023

Summary

An SQL Injection vulnerability is present in the JS Help Desk – Best Help Desk & Support Plugin, which allows unauthorized access to the database. This vulnerability occurs due to improper handling of user input in SQL commands, enabling attackers to manipulate queries and potentially extract sensitive information. Affected versions include those before 2.8.1, making it imperative for users to update their installations to mitigate risks.

Affected Version(s)

JS Help Desk – Best Help Desk & Support Plugin <= 2.8.1

References

https://patchstack.com/database/vulnerability/js-support-...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 28, 2023
Vulnerability Reserved
Dec 14, 2023

Credit

Fariq Fadillah Gusti Insani (Patchstack Alliance)