cleantalk
Vulnerabilities and Security Researches

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout, CVE-2024-12443

CVE, Research URL

CVE-2024-12443

Home page URL

Security reports for CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout

Application

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout

Published on
Dec 17, 2024
Research Description
The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.1.7.
Status
vulnerable
Previous vulnerability researches
CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout (CVE-2025-24558) , Feb 16, 2025
CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout (CVE-2024-12443) , Dec 18, 2024
CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout (CVE-2025-39558) , Apr 19, 2025
New vulnerability
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025