Skip to main content

Js Help Desk CVE-2022-46842

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-02-02 audit@patchstack.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Feb 02, 2023 - 21:22 cve.org
MEDIUM 5.4

DescriptionCVE.org

Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.

AnalysisAI

Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. Affected products include: Wiselyhub Js Help Desk.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2023-50839 CRITICAL POC
9.3 Dec 28

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS He

CVE-2024-43274 CRITICAL
9.8 Nov 01

Missing Authorization vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin allows Accessing Func

CVE-2024-31273 CRITICAL
9.8 Jun 09

Missing Authorization vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin.8.3. Rated critical s

CVE-2026-48886 CRITICAL
9.3 Jun 15

SQL injection in the JS Help Desk WordPress plugin versions 3.0.9 and earlier allows remote unauthenticated attackers to

CVE-2022-47151 HIGH
8.6 Apr 17

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS He

CVE-2026-32534 HIGH
8.5 Mar 25

JoomSky JS Help Desk contains a blind SQL injection vulnerability in versions through 3.0.3 that allows attackers to exe

CVE-2026-56054 HIGH
7.7 Jun 25

Arbitrary file deletion in the JS Help Desk (JS Support Ticket) WordPress plugin versions 3.1.1 and earlier lets a low-p

CVE-2024-13606 HIGH
7.5 Feb 13

The JS Help Desk - The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information E

CVE-2026-32535 MEDIUM
6.5 Mar 25

JS Help Desk (JoomSky) versions up to 3.0.3 contain an authorization bypass vulnerability caused by insecure direct obje

CVE-2026-48887 MEDIUM
6.5 Jun 15

Broken Access Control in the JS Help Desk WordPress plugin version 3.0.9 and earlier enables unauthenticated remote atta

Share

CVE-2022-46842 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy