Which WP Support Plus Responsive Ticket System CVEs are tracked?

WP Support Plus Responsive Ticket System tracked CVEs include CVE-2018-1000131, CVE-2014-10389, CVE-2014-10387, CVE-2016-10930, and CVE-2014-10390.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 12 known issues Latest disclosed Feb 04, 2019

WP Support Plus Responsive Ticket System Vulnerabilities

Q: How many WP Support Plus Responsive Ticket System vulnerabilities have patch guidance?

12 of 12 tracked WP Support Plus Responsive Ticket System records include a published patch path.

Review known vulnerability records for the WordPress plugin WP Support Plus Responsive Ticket System (`wp-support-plus-responsive-ticket-system`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2019-7299, CVE-2019-15331 and CVE-2018-1000131, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Jan 22, 2024

Priority CVE Quick Links

Fast paths into WP Support Plus Responsive Ticket System CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2018-1000131 Critical 9.0.3

CVE-2018-1000131 WP Support Plus Responsive Ticket System SQL Injection

WP Support Plus Responsive Ticket System <= 9.0.2 - SQL Injection

CVE-2014-10389 Critical 4.2

CVE-2014-10389 WP Support Plus Responsive Ticket System Vulnerability

WP Support Plus Responsive Ticket System <= 4.1 - Improper Authentication

CVE-2014-10387 Critical 4.2

CVE-2014-10387 WP Support Plus Responsive Ticket System SQL Injection

Support Plus Responsive Ticket System <= 4.1 - SQL Injection

CVE-2016-10930 High 7.1.0

CVE-2016-10930 WP Support Plus Responsive Ticket System Authorization Bypass

Support Plus Responsive Ticket System < 7.1.0 - Insecure Direct Object Reference

CVE-2014-10390 High 4.2

CVE-2014-10390 WP Support Plus Responsive Ticket System Vulnerability

WP Support Plus Responsive Ticket System <= 4.1 - Directory Traversal

CVE-2019-15331 High 9.1.2

CVE-2019-15331 WP Support Plus Responsive Ticket System Stored Cross-Site Scripting

WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting

CVE-2019-7299 Medium 9.1.2

CVE-2019-7299 WP Support Plus Responsive Ticket System Stored Cross-Site Scripting

WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting

CVE-2014-10391 Medium 4.1

CVE-2014-10391 WP Support Plus Responsive Ticket System Vulnerability

WP Support Plus Responsive Ticket System <= 4.0 - JavaScript Injection

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP Support Plus Responsive Ticket System so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

12 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

4 critical and 5 high severity findings.

Recent CVEs

CVE-2019-7299, CVE-2019-15331 and CVE-2018-1000131

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2019-7299 Medium Patch path listed

CVE-2019-7299: WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting

A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject...

Published

Feb 04, 2019

Patch Status

9.1.2

Open CVE-2019-7299 Report

CVE-2019-15331 High Patch path listed

CVE-2019-15331: WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting

The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection.

Published

Feb 04, 2019

Patch Status

9.1.2

Open CVE-2019-15331 Report

CVE-2018-1000131 Critical Patch path listed

CVE-2018-1000131: WP Support Plus Responsive Ticket System <= 9.0.2 - SQL Injection

Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie...

Published

Feb 25, 2018

Patch Status

9.0.3

Open CVE-2018-1000131 Report

Known Vulnerabilities

Reports for WP Support Plus Responsive Ticket System

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2019-7299

CVE-2019-7299: WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting

A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-p...

Published

Feb 04, 2019

Patched Release

9.1.2

Affected Versions

Versions before 9.1.2

Next Step

Update to 9.1.2 or newer if supported.

Open CVE-2019-7299 Report Open CVE Reference

Plugin High Patched: Yes CVE-2019-15331

CVE-2019-15331: WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting

The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection.

Published

Feb 04, 2019

Patched Release

9.1.2

Affected Versions

Versions before 9.1.2

Next Step

Update to 9.1.2 or newer if supported.

Open CVE-2019-15331 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2018-1000131

CVE-2018-1000131: WP Support Plus Responsive Ticket System <= 9.0.2 - SQL Injection

Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appears to be exploitabl...

Published

Feb 25, 2018

Patched Release

9.0.3

Affected Versions

Versions up to 9.0.2

Next Step

Update to 9.0.3 or newer if supported.

Open CVE-2018-1000131 Report Open CVE Reference

Plugin High Patched: Yes

WP Support Plus Responsive Ticket System <= 8.0.7 - Arbitrary File Upload

The WP Support Plus Responsive Ticket System plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including 8.0.7. This is due to insufficient file type validation on the wpsp_upload_attachment AJAX action which makes it possible for authenticated a...

Published

Nov 11, 2017

Patched Release

8.0.8

Affected Versions

Versions before 8.0.8

Next Step

Update to 8.0.8 or newer if supported.

Open Full Report

Plugin High Patched: Yes

WP Support Plus Responsive Ticket System <= 7.1.4 - SQL Injection

The WP Support Plus Responsive Ticket System plugin for WordPress is vulnerable to generic SQL Injection via the "$_POST[‘cat_id’]" parameter in versions up to, and including, 7.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

Published

Dec 12, 2016

Patched Release

8.0.0

Affected Versions

Versions up to 7.1.4

Next Step

Update to 8.0.0 or newer if supported.

Open Full Report

Plugin High Patched: Yes CVE-2016-10930

CVE-2016-10930: Support Plus Responsive Ticket System < 7.1.0 - Insecure Direct Object Reference

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.

Published

Sep 20, 2016

Patched Release

7.1.0

Affected Versions

Versions before 7.1.0

Next Step

Update to 7.1.0 or newer if supported.

Open CVE-2016-10930 Report Open CVE Reference

Plugin Critical Patched: Yes

WP Support Plus Responsive Ticket System <= 7.1.4 - Authentication Bypass

The WP Support Plus Responsive Ticket System plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 7.1.4. This is due to the plugin only requiring a valid email for the loginGuestFacebook AJAX action which is passed to the wp_set_auth_cooki...

Published

Jun 12, 2016

Patched Release

8.0.0

Affected Versions

Versions before 8.0.0

Next Step

Update to 8.0.0 or newer if supported.

Open Full Report

Plugin Critical Patched: Yes CVE-2014-10389

CVE-2014-10389: WP Support Plus Responsive Ticket System <= 4.1 - Improper Authentication

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.

Published

Nov 15, 2014

Patched Release

4.2

Affected Versions

Versions up to 4.1

Next Step

Update to 4.2 or newer if supported.

Open CVE-2014-10389 Report Open CVE Reference

Plugin High Patched: Yes CVE-2014-10390

CVE-2014-10390: WP Support Plus Responsive Ticket System <= 4.1 - Directory Traversal

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.

Published

Nov 15, 2014

Patched Release

4.2

Affected Versions

Versions before 4.2

Next Step

Update to 4.2 or newer if supported.

Open CVE-2014-10390 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2014-10391

CVE-2014-10391: WP Support Plus Responsive Ticket System <= 4.0 - JavaScript Injection

The WP Support Plus Responsive Ticket System plugin for WordPress is vulnerable to JavaScript Injection in versions up to, and including, 4.0. This makes it possible for unauthenticated attackers to inject potentially malicious JavaScript code into the vulnerable service.

Published

Nov 04, 2014

Patched Release

4.1

Affected Versions

Versions up to 4.0

Next Step

Update to 4.1 or newer if supported.

Open CVE-2014-10391 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2014-10387

CVE-2014-10387: Support Plus Responsive Ticket System <= 4.1 - SQL Injection

The Support Plus Responsive Ticket System plugin before 4.2 for WordPress has SQL injection.

Published

Sep 09, 2014

Patched Release

4.2

Affected Versions

Versions before 4.2

Next Step

Update to 4.2 or newer if supported.

Open CVE-2014-10387 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2014-10388

CVE-2014-10388: Support Plus Responsive Ticket System <= 4.1 - Full Path Disclosure

The Support Plus Responsive Ticket System plugin before 4.2 for WordPress has full path disclosure.

Published

Sep 09, 2014

Patched Release

4.2

Affected Versions

Versions before 4.2

Next Step

Update to 4.2 or newer if supported.

Open CVE-2014-10388 Report Open CVE Reference