cleantalk
Vulnerabilities and Security Researches

JS Help Desk – Best Help Desk & Support Plugin, CVE-2024-13607

CVE, Research URL

CVE-2024-13607

Home page URL

Security reports for JS Help Desk – Best Help Desk & Support Plugin

Application

JS Help Desk – Best Help Desk & Support Plugin

Published on
Feb 04, 2025
Research Description
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.
Affected versions
max 2.8.9.
Status
vulnerable
Previous vulnerability researches
JS Help Desk – Best Help Desk & Support Plugin (CVE-2024-7094) , Aug 14, 2024
JS Help Desk – Best Help Desk & Support Plugin (CVE-2024-13607) , Feb 05, 2025
JS Help Desk – Best Help Desk & Support Plugin (CVE-2025-30880) , Apr 03, 2025
JS Help Desk – Best Help Desk & Support Plugin (CVE-2025-30882) , Apr 03, 2025
JS Help Desk – Best Help Desk & Support Plugin (CVE-2025-30886) , Apr 03, 2025
New vulnerability
ElementInvader Addons for Elementor (CVE-2026-25028) , Feb 27, 2026
SportsPress – Sports Club & League Manager (CVE-2025-15368) , Feb 27, 2026
Addonify – WooCommerce Wishlist (CVE-2025-68024) , Feb 27, 2026
Cool Tag Cloud (CVE-2025-69011) , Feb 27, 2026
WP Wizard Cloak (CVE-2025-53237) , Feb 27, 2026