WordPress Plugin Vulnerabilities

WP Support Plus Responsive Ticket System < 9.1.2 - Stored XSS

Description

The WP Support Plus Responsive Ticket System WordPress plugin was affected by a Stored XSS security vulnerability.

Affects Plugins

Plugin icon
wp-support-plus-responsive-ticket-system
Fixed in 9.1.2

References

CVE
CVE-2019-7299
CVE
CVE-2019-15331
URL
https://cert.kalasag.com.ph/news/research/cve-2019-7299-stored-xss-in-wp-support-plus-responsive-ticket-system/
URL
https://plugins.trac.wordpress.org/changeset/2024484/wp-support-plus-responsive-ticket-system

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Christian Angel (KALASAG)
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
e406c3e8-1fab-41fd-845a-104467b0ded4

Timeline

Publicly Published
2019-02-04 (about 7 years ago)
Added
2019-03-19 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2018-07-24
Title
Snazzy Maps < 1.1.5 - Multiple Cross-Site Scripting (XSS)
Published
2025-06-03
Title
Revolution Video Player <= 2.9.2 - Reflected Cross-Site Scripting
Published
2024-05-20
Title
Tainacan < 0.21.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-09-06
Title
ELEX WooCommerce Google Shopping < 1.2.4 - Reflected Cross-Site Scripting (XSS)
Published
2012-01-01
Title
WP Live.php <= 1.2.1 - Cross-Site Scripting (XSS)