How to fix CVE-2023-7337?

Within 24 hours: Identify all WordPress instances running JS Help Desk plugin version 2.8.2 and disable the plugin or restrict access to support ticket functionality. Within 7 days: Implement WAF rules to block malicious cookie payloads targeting 'js-support-ticket-token-tkstatus' and conduct database access logs review for signs of exploitation. Within 30 days: Contact the vendor for patch availability, evaluate alternative support ticketing solutions, or plan for plugin upgrade immediately upon vendor patch release.

Is WordPress affected by CVE-2023-7337?

The JS Help Desk WordPress plugin contains a SQL Injection vulnerability affecting version 2.8.2 that could allow attackers to extract sensitive database information or manipulate support ticket data.

CVE-2023-7337

HIGH

2026-03-04 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

CVE Published

Mar 04, 2026 - 10:16 nvd

HIGH 7.5

Description

The JS Help Desk - AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Analysis

Technical Context

Classified as CWE-89 (SQL Injection). The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used

Affected Products

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus

Remediation

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

CVE-2023-7337 vulnerability details – vuln.today

Back

CVE-2023-7337

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2023-7337

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code