{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-20T13:34:43.315","vulnerabilities":[{"cve":{"id":"CVE-2023-7337","sourceIdentifier":"security@wordfence.com","published":"2026-03-04T10:16:06.683","lastModified":"2026-06-17T06:52:33.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."},{"lang":"es","value":"El plugin JS Help Desk – AI-Powered Support & Ticketing System para WordPress es vulnerable a inyección SQL a través de la cookie 'js-support-ticket-token-tkstatus' en la versión 2.8.2 debido a una solución incompleta para CVE-2023-50839 donde un segundo sink se dejó con escape insuficiente en los valores proporcionados por el usuario y falta de preparación suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados añadan consultas SQL adicionales en consultas ya existentes que pueden utilizarse para extraer información sensible de la base de datos."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"rabilal","product":"JS Help Desk – AI-Powered Support & Ticketing System","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-04T15:01:56.197397Z","id":"CVE-2023-7337","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/js-support-ticket/tags/2.8.2&new_path=/js-support-ticket/tags/2.8.3","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b841531b-8728-4933-b3c4-d4e10cbdca79?source=cve","source":"security@wordfence.com"}]}}]}