SQL Injection Vulnerability in Majestic Support Help Desk Plugin for WordPress
CVE-2026-13262

6.5MEDIUM

What is CVE-2026-13262?

The Majestic Support Plugin for WordPress contains a SQL Injection vulnerability due to insufficient escaping of the 'val' parameter in all versions up to 1.1.9. This flaw allows unauthenticated attackers to manipulate SQL queries by injecting additional commands. By obtaining a valid 'get-smart-reply' nonce, which can be easily acquired by any Subscriber-level user through creating a ticket, malicious actors can leverage this vulnerability to extract sensitive information from the database, potentially compromising the integrity and confidentiality of user data.

Affected Version(s)

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin 0 <= 1.1.9

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CHOIGYEONGMIN
.