Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Unauthenticated remote upload but payload needs a victim to open it (UI:R); stored XSS executes in another security context (S:C) with limited confidentiality/integrity impact and no availability impact, unlike the inflated vendor C:H/I:H/A:H.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly accessible location, leading to Stored Cross-Site Scripting attacks against site users and administrators.
Articles & Coverage 1
AnalysisAI
Stored cross-site scripting in the WP Support Plus Responsive Ticket System WordPress plugin (all versions through 9.1.2) lets unauthenticated attackers upload files containing malicious JavaScript - such as HTML or SVG payloads - to a publicly accessible location, where the script executes in the browsers of site users and administrators who view it. The flaw stems from missing validation of uploaded file types/content. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the WP Support Plus Responsive Ticket System plugin (≤9.1.2) be installed and that its file-upload/attachment feature be reachable by unauthenticated users - the default ticket-submission path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed-to-moderate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker submits a support ticket with an attached SVG or HTML file containing embedded JavaScript, which the plugin stores at a publicly accessible URL without sanitization. When a support agent or administrator opens the attachment (or the URL is shared/clicked), the script executes in their authenticated session, enabling session/cookie theft or actions performed as that privileged user. … |
| Remediation | No vendor-released patch version was identified at time of analysis - no fixed release (e.g. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Disable or uninstall WP Support Plus Responsive Ticket System; if operationally critical, restrict web server access to the plugin's upload directory to authenticated users only (via .htaccess, Nginx, or WAF rules). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulner
Unauthenticated SQL injection in the WP Support Plus Responsive Ticket System WordPress plugin (all versions through 9.1
A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Tick
Cookie forgery in WP Support Plus Responsive Ticket System (WordPress plugin ≤9.1.2) allows unauthenticated network atta
The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. Rated medium severity
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40262
GHSA-w4vj-qmqh-q69w