cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7094,https://securityvulnerability.io/vulnerability/CVE-2024-7094,Unauthenticated Code Execution Vulnerability in JS Help Desk WordPress Plugin,"The JS Help Desk – The Ultimate Help Desk & Support Plugin for WordPress has a significant vulnerability that allows PHP code injection through the 'storeTheme' function. This flaw is attributed to inadequate sanitization of user-input values, which can lead to unauthorized alterations in the style.php file. These weaknesses provide a pathway for unauthenticated attackers to execute arbitrary code on the server. The vulnerability exists in all versions prior to 2.8.6, which partially addressed the code injection risk. Comprehensive patches were further implemented in version 2.8.7, adding necessary authorization and cross-site request forgery protections.",Wordpress,Js Help Desk – The Ultimate Help Desk & Support Plugin,9.8,CRITICAL,0.0004400000034365803,false,,false,false,false,,false,false,2024-08-13T02:31:39.099Z,0
CVE-2018-21002,https://securityvulnerability.io/vulnerability/CVE-2018-21002,,The js-support-ticket plugin before 2.0.6 for WordPress has CSRF.,Wordpress,Js Help Desk,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,false,false,2019-08-27T11:24:58.000Z,0