← Back

CVE-2024-13606

nvd nist
Published: Feb 13, 2025Modified: Jun 17, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: security@wordfence.com (Secondary)

Description

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/jssupportticketdata directory which can contain file attachments included in support tickets.

Affected (1)

1 product
Js Help Desk
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Before 2.8.9

Timeline

No history available yet.