Vulnerability Description
Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpsupportplus | Wp Support Plus Responsive Ticket System | <= 9.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/00theway/exp/blob/master/wordpress/wpsupportplus.mdExploitThird Party Advisory
- https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developeRelease NotesThird Party Advisory
- https://wpvulndb.com/vulnerabilities/9041Third Party Advisory
- https://github.com/00theway/exp/blob/master/wordpress/wpsupportplus.mdExploitThird Party Advisory
- https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developeRelease NotesThird Party Advisory
- https://wpvulndb.com/vulnerabilities/9041Third Party Advisory
FAQ
What is CVE-2018-1000131?
CVE-2018-1000131 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was inject...
How severe is CVE-2018-1000131?
CVE-2018-1000131 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-1000131?
Check the references section above for vendor advisories and patch information. Affected products include: Wpsupportplus Wp Support Plus Responsive Ticket System.