SQL Injection Vulnerability in JoomSky JS Help Desk
CVE-2025-30886

9.3CRITICAL

Key Information:

Vendor: Joomsky
Status: Js Help Desk
Vendor: CVE Published:; 1 April 2025

Summary

A security flaw in the JoomSky JS Help Desk plugin enables attackers to execute SQL injection attacks, potentially compromising the database and exposing sensitive data. This vulnerability affects versions of the JS Help Desk plugin up to 2.9.2. Proper input validation measures were not implemented, allowing malicious SQL commands to be executed via user input, which could lead to unauthorized access and data manipulation. Users are advised to upgrade to the latest version to mitigate this risk.

Affected Version(s)

JS Help Desk <= 2.9.2

References

https://patchstack.com/database/wordpress/plugin/js-suppo...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

LVT-tholv2k (Patchstack Alliance)