Name of the Vulnerable Software and Affected Versions:

WordPress Helpdesk Integration versions up to and including 5.8.10

Description:

The WordPress Helpdesk Integration plugin for WordPress is susceptible to Local File Inclusion via the `portal type` parameter. This allows unauthenticated attackers to include and execute arbitrary .php files on the server, potentially enabling them to bypass access controls, obtain sensitive data, or achieve code execution if .php file uploads are permitted.

Recommendations:

Update WordPress Helpdesk Integration to a version later than 5.8.10.