JS Help Desk – The Ultimate Help Desk & Support Plugin < 2.8.9 – Unauthenticated Sensitive Information Exposure Through Unprotected Directory | CVE 2024-13606 | Plugin Vulnerabilities

Description

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/jssupportticketdata directory which can contain file attachments included in support tickets.

Affects Plugins

js-support-ticket

Fixed in 2.8.9

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/e8ed5d5d-86b0-40ac-a093-31392dea13a2

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Tim Coen

Verified

No

WPVDB ID

495a8a93-d6f8-433a-8133-24b14b0a122a

Timeline

Publicly Published

2025-02-12 (about 1 year ago)

Added

2025-02-12 (about 1 year ago)

Last Updated

2025-03-11 (about 1 year ago)

Other

Published

Title

Published

2025-05-16

Title

Plant - Gardening & Houseplants WordPress Theme <= 1.0.0 - Unauthenticated Information Exposure

Published

2025-12-15

Title

Document Library Lite < 1.2.0 - Unauthenticated Insecure Direct Object Reference

Published

2024-05-21

Title

NextScripts: Social Networks Auto-Poster < 4.4.4 - Subscriber+ Sensitive Information Exposure

Published

2024-08-12

Title

Store Locator Plus <= 2311.17.01 - Unauthenticated Sensitive Information Exposure

Published

2024-04-22

Title

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder < 2.6.1 - Information Exposure