Vulnerabilities and security researches forfluent-support fluent-support

Jun 07, 2024

CVE, Research URL: CVE-2023-51547
Home page URL: Security reports for Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Application: Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Date: Dec 31, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-2559
Home page URL: Security reports for Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Application: Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Date: Aug 29, 2022
Research Description: The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users
Affected versions: Min -, max -.
Status: vulnerable

Sep 28, 2024

CVE, Research URL: CVE-2024-47304
Home page URL: Security reports for Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Application: Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Date: Oct 17, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support allows SQL Injection.This issue affects Fluent Support: from n/a through 1.8.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-47302
Home page URL: Security reports for Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Application: Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in WPManageNinja LLC Fluent Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through 1.8.0.
Affected versions: Min -, max -.
Status: vulnerable

Mar 01, 2025

CVE, Research URL: CVE-2024-13568
Home page URL: Security reports for Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Application: Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Date: Mar 01, 2025
Research Description: The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets.
Affected versions: Min -, max -.
Status: vulnerable

Aug 24, 2025

CVE, Research URL: CVE-2025-57885
Home page URL: Security reports for Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Application: Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin
Date: Aug 22, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support allows Cross Site Request Forgery. This issue affects Fluent Support: from n/a through 1.9.1.
Affected versions: Min -, max -.
Status: vulnerable