CVE-2018-1000131 Information

Feb 19, 2026 cve

Description

Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later.

Vulnerability Type (CWE)

CWE-89

Published

2018-03-14

Last Modified

2018-04-13

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

9.8 CRITICAL

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

References

https://github.com/00theway/exp/blob/master/wordpress/wpsupportplus.md (Exploit,Third Party Advisory) https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers (Release Notes,Third Party Advisory) https://wpvulndb.com/vulnerabilities/9041 (Third Party Advisory)

Share on: