PT-2019-18518 · WordPress · Wp-Support-Plus-Responsive-Ticket-System

Published

2019-03-18

Updated

2019-03-26

CVE-2019-7299

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WP Support Plus Responsive Ticket System plugin version 9.1.1

Description A stored cross-site scripting issue in the submit ticket.php module allows remote attackers to inject arbitrary web script or HTML via the subject parameter in the /wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit ticket.php endpoint.

Recommendations For WP Support Plus Responsive Ticket System plugin version 9.1.1, consider restricting access to the submit ticket.php module until a patch is available. As a temporary workaround, avoid using the subject parameter in the affected endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-7299

Affected Products

Wp-Support-Plus-Responsive-Ticket-System

PT-2019-18518 · WordPress · Wp-Support-Plus-Responsive-Ticket-System

CVE-2019-7299

Weakness Enumeration

Related Identifiers

Affected Products

References · 5