Vulnerabilities > Wpsupportplus

DATE CVE VULNERABILITY TITLE RISK
2019-08-22 CVE-2019-15331 Cross-site Scripting vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System
The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection.
network
low complexity
wpsupportplus CWE-79
6.1
2019-08-22 CVE-2016-10930 Improper Input Validation vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System
The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.
network
low complexity
wpsupportplus CWE-20
critical
9.8
2019-08-22 CVE-2014-10391 Injection vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.
network
low complexity
wpsupportplus CWE-74
6.1
2019-08-22 CVE-2014-10390 Path Traversal vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.
network
low complexity
wpsupportplus CWE-22
critical
9.1
2019-08-22 CVE-2014-10389 Improper Authentication vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.
network
low complexity
wpsupportplus CWE-287
critical
9.8
2019-08-22 CVE-2014-10388 Information Exposure vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.
network
low complexity
wpsupportplus CWE-200
5.3
2019-08-22 CVE-2014-10387 SQL Injection vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
network
low complexity
wpsupportplus CWE-89
critical
9.8
2019-03-21 CVE-2019-7299 Cross-site Scripting vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System 9.1.1
A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.
network
low complexity
wpsupportplus CWE-79
6.1
2018-03-14 CVE-2018-1000131 SQL Injection vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System
Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter.
network
low complexity
wpsupportplus CWE-89
critical
9.8