cleantalk
Vulnerabilities and Security Researches

JS Help Desk – Best Help Desk & Support Plugin, CVE-2023-7337

CVE, Research URL

CVE-2023-7337

Home page URL

Security reports for JS Help Desk – Best Help Desk & Support Plugin

Application

JS Help Desk – Best Help Desk & Support Plugin

Published on
Mar 04, 2026
Research Description
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 2.8.3.
Status
vulnerable
Previous vulnerability researches
Verge3D Publishing and E-Commerce (CVE-2025-22709) , Jan 19, 2025
Verge3D Publishing and E-Commerce (CVE-2025-30833) , Apr 02, 2025
Verge3D Publishing and E-Commerce (CVE-2025-48241) , May 24, 2025
Verge3D Publishing and E-Commerce (CVE-2023-51421) , Jun 06, 2024
Verge3D Publishing and E-Commerce (CVE-2023-51420) , Jun 06, 2024
New vulnerability
MMA Call Tracking (CVE-2026-1215) , Apr 16, 2026
Percent to Infograph (CVE-2026-1939) , Apr 16, 2026
Magic Login Mail (CVE-2026-2144) , Apr 16, 2026
PostmarkApp Email Integrator (CVE-2026-1043) , Apr 16, 2026
Name Directory (CVE-2026-1866) , Apr 15, 2026