CVE-2024-13606

Name of the Vulnerable Software and Affected Versions JS Help Desk – The Ultimate Help Desk & Support Plugin versions up to, and including, 2.8.8

Description The issue concerns the exposure of sensitive information in the JS Help Desk plugin for WordPress. This vulnerability allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/jssupportticketdata directory, which can contain file attachments included in support tickets. The jssupportticketdata directory is the key point of exploitation.

Recommendations For versions up to, and including, 2.8.8, update to a version higher than 2.8.8 to resolve the issue. As a temporary workaround, consider restricting access to the /wp-content/uploads/jssupportticketdata directory to minimize the risk of exploitation. Avoid using the jssupportticketdata directory until the issue is resolved.