PT-2025-36107 · WordPress · Wordpress Helpdesk Integration
Aril Aprilio
·
Published
2025-09-05
·
Updated
2025-09-10
·
CVE-2025-9990
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WordPress Helpdesk Integration versions up to and including 5.8.10
Description
The WordPress Helpdesk Integration plugin for WordPress is susceptible to Local File Inclusion via the
portal type parameter. This allows unauthenticated attackers to include and execute arbitrary .php files on the server, potentially enabling them to bypass access controls, obtain sensitive data, or achieve code execution if .php file uploads are permitted.Recommendations
Update WordPress Helpdesk Integration to a version later than 5.8.10.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wordpress Helpdesk Integration