| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23753 | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter | GFI Software | HelpDesk | Medium | 4.8 | 2026-04-20 17:33:59 | Deep Dive |
| CVE-2026-23752 | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter | GFI Software | HelpDesk | Medium | 4.8 | 2026-04-20 17:33:23 | Deep Dive |
| CVE-2026-23756 | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject | GFI Software | HelpDesk | Medium | 5.4 | 2026-04-20 17:30:51 | Deep Dive |
| CVE-2026-23758 | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter | GFI Software | HelpDesk | - | - | 2026-04-20 17:30:07 | Deep Dive |
| CVE-2026-23757 | GFI HelpDesk < 4.99.10 Stored XSS via Reports Module | GFI Software | HelpDesk | Medium | 5.4 | 2026-04-20 17:27:56 | Deep Dive |
| CVE-2024-58343 | Vision Helpdesk Security Vulnerability | Vision | Helpdesk | Medium | 4.3 | 2026-04-16 22:27:03 | Deep Dive |
| CVE-2026-4654 | Awesome Support <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 5.3 | 2026-04-08 07:43:03 | Deep Dive |
| CVE-2026-23977 | WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability | WPFactory | Helpdesk Support Ticket System for WooCommerce | High | 7.5 | 2026-03-25 16:14:31 | Deep Dive |
| CVE-2025-68837 | WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability | ELEXtensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 6.5 | 2026-02-20 15:46:42 | Deep Dive |
| CVE-2025-14079 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 5.3 | 2026-02-05 09:13:45 | Deep Dive |
| CVE-2020-37091 | Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin) | Maian Media | Maian Support Helpdesk | Medium | 5.3 | 2026-02-03 22:01:51 | Deep Dive |
| CVE-2026-1251 | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference | psmplugins | SupportCandy – Helpdesk & Customer Support Ticket System | Medium | 5.4 | 2026-01-31 06:39:23 | Deep Dive |
| CVE-2026-0683 | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) SQL Injection via Number Field Filter | psmplugins | SupportCandy – Helpdesk & Customer Support Ticket System | Medium | 6.5 | 2026-01-31 05:52:47 | Deep Dive |
| CVE-2025-12641 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 6.5 | 2026-01-16 04:44:35 | Deep Dive |
| CVE-2025-13657 | HelpDesk contact form plugin <= 1.1.5 - Cross-Site Request Forgery to Settings Update via handle_query_args | helpdeskcom | HelpDesk Contact Form | Medium | 4.3 | 2026-01-07 06:36:00 | Deep Dive |
| CVE-2025-9343 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | High | 7.2 | 2025-12-21 03:20:04 | Deep Dive |
| CVE-2025-14581 | HAPPY – Helpdesk Support Ticket System <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply | villatheme | HAPPY – Helpdesk Support Ticket System | Medium | 4.3 | 2025-12-13 03:20:25 | Deep Dive |
| CVE-2025-10655 | Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data | Frappe | Frappe HelpDesk | - | - | 2025-12-09 14:49:53 | Deep Dive |
| CVE-2025-13534 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 6.3 | 2025-12-02 08:24:54 | Deep Dive |
| CVE-2025-10039 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 4.3 | 2025-11-21 12:28:10 | Deep Dive |