PT-2026-22897 · WordPress · Js Help Desk – Ai-Powered Support & Ticketing System

Published: 2026-03-04 · Updated: 2026-03-12 · CVE-2023-7337

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress version 2.8.2

Description

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is susceptible to SQL Injection through the js-support-ticket-token-tkstatus cookie. This is due to an incomplete fix for a previous issue, leaving a second sink with insufficient escaping of user-supplied values and inadequate preparation of the existing SQL query. This allows unauthenticated attackers to append additional SQL queries to existing queries, potentially extracting sensitive information from the database.

Recommendations

Update to a newer version that contains a fix for this vulnerability.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2023-7337

Affected Products

Js Help Desk – Ai-Powered Support & Ticketing System