WordPress Plugin Vulnerabilities

JS Help Desk – Best Help Desk & Support Plugin < 2.8.4 - Missing Authorization

Description

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
js-support-ticket
Fixed in 2.8.4

References

CVE
CVE-2024-31273
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea7b7b5-ba3a-4d9c-9a63-ed9f645c6b1b

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Fariq Fadillah Gusti Insani (fariqfgi)
Verified
No
WPVDB ID
eb284c9f-2de1-4587-84eb-3d93d676ebac

Timeline

Publicly Published
2024-04-05 (about 2 years ago)
Added
2024-04-11 (about 2 years ago)
Last Updated
2024-04-11 (about 2 years ago)

Other

Published
Title
Published
2026-01-06
Title
Guest posting / Frontend Posting / Front Editor – WP Front User Submit < 5.0.1 - Missing Authorization to Unauthenticated Media Deletion
Published
2021-11-22
Title
WP Guppy < 1.3 - Sensitive Information Disclosure
Published
2025-11-28
Title
Virtuaria PagBank / PagSeguro para Woocommerce < 3.6.4 - Missing Authorization
Published
2024-08-07
Title
Orchid Store < 1.5.7 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation
Published
2026-02-25
Title
Pochipp < 1.18.9 - Missing Authorization