CVE-2026-2511

{"id": "CVE-2026-2511", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-26T14:16:10.017", "references": [{"url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/3.0.4/modules/fieldordering/model.php#L181", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/3.0.4/modules/fieldordering/model.php#L996", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/3.0.4/modules/ticket/model.php#L1178", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3463031/", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2959c04a-70bd-4f5c-a61a-1eab2609f8ef?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The JS Help Desk \u2013 AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-supplied `multiformid` value being passed to `esc_sql()` without enclosing the result in quotes in the SQL query, rendering the escaping ineffective against payloads that do not contain quote characters. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}, {"lang": "es", "value": "El plugin JS Help Desk \u2013 AI-Powered Support & Ticketing System para WordPress es vulnerable a inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'multiformid' en la funci\u00f3n 'storeTickets()' en todas las versiones hasta e incluyendo la 3.0.4. Esto se debe a que el valor 'multiformid' proporcionado por el usuario se pasa a 'esc_sql()' sin encerrar el resultado entre comillas en la consulta SQL, lo que hace que el escape sea ineficaz contra cargas \u00fatiles que no contienen caracteres de comillas. Esto hace posible que atacantes no autenticados a\u00f1adan consultas SQL adicionales a consultas ya existentes que pueden utilizarse para extraer informaci\u00f3n sensible de la base de datos."}], "lastModified": "2026-04-24T16:35:20.070", "sourceIdentifier": "security@wordfence.com"}