Impact
The vulnerability is an improper limitation of a pathname to a restricted directory (Path Traversal) that allows an attacker to download arbitrary files from the server via the JoomSky JS Help Desk plugin. An attacker can supply a crafted request that bypasses the intended directory restrictions, leading to disclosure of sensitive files such as configuration files, user data, or backup archives. The flaw is a classic Path Traversal weakness (CWE-22) and does not require authentication, so its potential impact on confidentiality is high.
Affected Systems
The flaw affects the WordPress plugin JoomSky JS Help Desk (js-support-ticket) in all released versions up to and including 2.9.1. Systems running a WordPress site with this plugin installed and without an updated version are vulnerable. No specific product name other than the plugin is listed, but the issue resides within the WordPress ecosystem.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity, and the EPSS score of less than 1% suggests that exploit attempts are currently rare, though the vulnerability remains a valid attack vector. It is not listed in the CISA KEV catalog. Based on the description, an attacker could exploit this by reaching the plugin's file download endpoint remotely over the web and using directory traversal sequences to reach files outside the allowed base directory. It is inferred that no special privileges or complex prerequisites are required, making this a straightforward exploitation path.
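As an added illustration, not code from the plugin or from the advisory, the weak pattern the description implies sits beside a hardened resolver for a file download endpoint. It is written in Python rather than the plugin's PHP, and the base directory, file names and request strings are constructed for the demo.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_download_path(base_dir: str, requested: str) -> str:
    """The weak pattern: trust the request and join it onto the base directory.
    unquote() stands in for the percent-decoding the web layer already does."""
    return os.path.join(base_dir, unquote(requested))


def safe_download_path(base_dir: str, requested: str):
    """Hardened form: canonicalize, then require the result to stay inside base_dir.
    Returns the real path to open, or None when the request escapes the directory."""
    base = os.path.realpath(base_dir)
    name = unquote(requested)
    if os.path.isabs(name):            # only names relative to base_dir are legitimate
        return None
    candidate = os.path.realpath(os.path.join(base, name))
    # realpath collapses '..' and follows symlinks, so this prefix test is a
    # containment test on the file that would actually be opened.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def demo() -> dict:
    """Build a throwaway tree (constructed data) and run both resolvers over
    one legitimate name and three traversal variants."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "attachments")   # hypothetical attachment directory
    os.makedirs(base)
    with open(os.path.join(base, "ticket-42.txt"), "w") as fh:
        fh.write("ticket attachment\n")
    requests = ["ticket-42.txt", "../wp-config.php",
                "..%2Fwp-config.php", "/etc/hostname"]
    real_base = os.path.realpath(base)
    # Requests the naive join would resolve to a location outside the base directory.
    naive_escapes = [
        r for r in requests
        if os.path.commonpath([real_base, os.path.realpath(naive_download_path(base, r))]) != real_base
    ]
    hardened = {r: safe_download_path(base, r) for r in requests}
    return {"base": real_base, "naive_escapes": naive_escapes, "hardened": hardened}


if __name__ == "__main__":
    print(demo())
```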
OpenCVE Enrichment