ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Support Plus Responsive Ticket System plugin <=9.0.2 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities

Product
WP Support Plus Responsive Ticket System
Description
Multiple Authenticated SQL Injection (SQLi) vulnerabilities found by 00theway in WordPress WP Support Plus Responsive Ticket System plugin (versions <=9.0.2).
Solution
Update the WordPress WP Support Plus Responsive Ticket System plugin to the latest available version (at least 9.0.3).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-2018-1000131
Versions
Affected In <=9.0.2
Fixed In 9.0.3
Disclosure date
2018-03-15
Credits
00theway
Submitter
ThreatPress