cleantalk
Vulnerabilities and Security Researches

JS Help Desk – Best Help Desk & Support Plugin, CVE-2024-13606

CVE, Research URL

CVE-2024-13606

Home page URL

Security reports for JS Help Desk – Best Help Desk & Support Plugin

Application

JS Help Desk – Best Help Desk & Support Plugin

Published on
Feb 13, 2025
Research Description
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/jssupportticketdata directory which can contain file attachments included in support tickets.
Affected versions
max 2.8.9.
Status
vulnerable
Previous vulnerability researches
JS Help Desk – Best Help Desk & Support Plugin (CVE-2024-7094) , Aug 14, 2024
JS Help Desk – Best Help Desk & Support Plugin (CVE-2024-13607) , Feb 05, 2025
JS Help Desk – Best Help Desk & Support Plugin (CVE-2025-30880) , Apr 03, 2025
JS Help Desk – Best Help Desk & Support Plugin (CVE-2025-30882) , Apr 03, 2025
JS Help Desk – Best Help Desk & Support Plugin (CVE-2025-30886) , Apr 03, 2025
New vulnerability
ElementInvader Addons for Elementor (CVE-2026-25028) , Feb 27, 2026
SportsPress – Sports Club & League Manager (CVE-2025-15368) , Feb 27, 2026
Addonify – WooCommerce Wishlist (CVE-2025-68024) , Feb 27, 2026
Cool Tag Cloud (CVE-2025-69011) , Feb 27, 2026
WP Wizard Cloak (CVE-2025-53237) , Feb 27, 2026