Impact
Unauthenticated SQL Injection is present in versions 3.0.9 and earlier of the WordPress JS Help Desk plugin. The vulnerability arises from the plugin’s handling of user data in database queries, enabling attackers to inject unsanitized SQL code. This can lead to unauthorized access to the database.
Affected Systems
Ahmad:JS Help Desk is a WordPress plugin, with affected releases up to and including 3.0.9. Any WordPress site that has installed this plugin version (or older) is vulnerable. No further version granularity is listed in the CNA data.
Risk and Exploitability
The CVSS score of 9.3 indicates a critical severity, whereas the EPSS score of <1% suggests a low current exploitation probability. The flaw is exploitable by unauthenticated users via the web interface and is not listed in the CISA KEV catalog. The vendor recommends upgrading to version 3.1.0 or newer.
OpenCVE Enrichment