WordPress Plugin Vulnerabilities

Support Ticket System <= 1.2 - Unauthenticated SQL Injection

Description

The Support Ticket System WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
simple-support-ticket-system
Fixed in 1.2.1

References

CVE
CVE-2015-7670
URL
https://packetstormsecurity.com/files/#133885/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
728cb636-d50f-4a72-bb2b-68e4f69e8432

Timeline

Publicly Published
2015-10-06 (about 10 years ago)
Added
2015-10-07 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-12-11
Title
SeedProd Pro < 6.18.13 - Authenticated (Editor+) SQL Injection
Published
2021-11-18
Title
WP User Frontend < 3.5.25 - Admin+ SQL Injection
Published
2024-06-10
Title
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Published
2022-01-24
Title
Popup Builder < 4.0.7 - Admin+ SQL Injection
Published
2025-09-28
Title
Image&Video FullScreen Background <= 1.6.7 - Authenticated (Contributor+) SQL Injection