JS Help Desk < 2.8.3 – Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie | CVE 2023-7337

Description

The plugin is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Proof of Concept

https://github.com/Sechunt3r/CVE-POCs/tree/main/CVE-2023-7337

Affects Plugins

js-support-ticket

Fixed in 2.8.3

References

CVE

CVE-2023-7337

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/b841531b-8728-4933-b3c4-d4e10cbdca79

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

7.5 (high)

Miscellaneous

Original Researcher

Shivam Kamboj (PoC)

Verified

WPVDB ID

1b861146-a8b6-4f16-bf97-2bdfb8a86db2

Timeline

Publicly Published

2026-03-03 (about 2 months ago)

Added

2026-03-03 (about 2 months ago)

Last Updated

2026-03-06 (about 2 months ago)

Other

Published

Title

Published

2015-12-02

Title

Users Ultra Membership Plugin <= 1.5.63 - Authenticated Blind SQL Injection

Published

2022-02-21

Title

Event Manager for WooCommerce < 3.5.8 - Contributor+ SQL Injection

Published

2018-06-22

Title

iThemes Security <= 7.0.2 - Authenticated SQL Injection

Published

2014-08-01

Title

Participants Database < 1.5.4.9 - Unauthenticated SQL Injection

Published

2026-01-22

Title

Traveler < 3.2.8 - Authenticated (Contributor+) SQL Injection