WordPress Plugin Vulnerabilities

WP Support Plus Responsive Ticket System < 9.0.3 - Multiple Authenticated SQL Injection

Description

The WP Support Plus Responsive Ticket System WordPress plugin was affected by a Multiple Authenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wp-support-plus-responsive-ticket-system
Fixed in 9.0.3

References

CVE
CVE-2018-1000131
URL
https://github.com/00theway/exp/blob/master/wordpress/wpsupportplus.md
URL
https://plugins.trac.wordpress.org/changeset/1814103/wp-support-plus-responsive-ticket-system

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
cbbdb469-7321-44e4-a83b-cac82b116f20

Timeline

Publicly Published
2018-02-25 (about 8 years ago)
Added
2018-03-15 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-02-20
Title
Events Manager – Calendar, Bookings, Tickets, and more! < 6.6.4 - Unauthenticated SQL Injection via Event Status Parameter
Published
2025-10-08
Title
AnyComment <= 0.3.6 - Authenticated (Subscriber+) SQL Injection
Published
2017-08-24
Title
WordPress 2.3.0-4.7.4 - Authenticated SQL injection
Published
2014-08-01
Title
Leaflet Maps Marker - Tag Multiple Parameter SQL Injection
Published
2023-11-09
Title
MainWP < 4.4.3.4 - Authenticated (Administrator+) SQL Injection