cleantalk
Vulnerabilities and Security Researches

Support Ticket System, CVE-2015-7670

CVE, Research URL

CVE-2015-7670

Home page URL

Security reports for Support Ticket System

Application

Support Ticket System

Published on
Sep 26, 2017
Research Description
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter.
Affected versions
Min -, max 1.2.1.
Status
vulnerable
Previous vulnerability researches
Support Ticket System (CVE-2015-7670) , Jun 10, 2024
YDS Support Ticket System (CVE-2024-55985) , Dec 21, 2024
YDS Support Ticket System (CVE-2022-36388) , Jun 10, 2024
Live Support Tickets, Contact Forms, CRM (CVE-2024-49235) , Oct 18, 2024
Support Ticket (CVE-2025-49422) , Aug 24, 2025
New vulnerability
Sessions (CVE-2025-57890) , Aug 25, 2025
WP Admin Theme (CVE-2025-48325) , Aug 25, 2025
Site Offline Or Coming Soon Or Maintenance Mode (CVE-2025-48348) , Aug 25, 2025
Ni WooCommerce Customer Product Report (CVE-2025-7827) , Aug 25, 2025
Ogulo – 360° Tour (CVE-2025-9131) , Aug 25, 2025