Headline
CVE-2022-46842: WordPress JS Help Desk plugin <= 2.7.1 - Multiple Cross Site Request Forgery (CSRF) Vulnerabilities - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.
Solution
Update the WordPress JS Help Desk – Best Help Desk & Support Plugin plugin to the latest available version (at least 2.7.2).
Vlad Vector discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. For example a password change which will then allow the malicious actor to login into the admin account. This vulnerability has been fixed in version 2.7.2.
4 other known vulnerabilities for this pluginTo plugin page
Report to Patchstack Alliance bounty platform and earn monthly cash prizes.
Learn more