Customer Support Ticket System Helpdesk
SQL injection in the WP Ticket WordPress plugin (versions up to and including 6.0.4) allows unauthenticated remote attackers to inject arbitrary SQL via the WordPress front-end search query parameter `s`, enabling extraction of sensitive database contents. The flaw stems from concatenating the unslashed search term into a UNION sub-SELECT without passing it through `$wpdb->prepare()`. No public exploit was identified at the time of analysis, and the issue is not listed in CISA KEV, but the unauthenticated network attack vector keeps the risk meaningful on exposed sites.
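To make the pattern concrete, the following is an added illustrative example, not code from the WP Ticket plugin (whose internals the advisory does not show): a hypothetical `posts_where` filter that folds the front-end search term into a UNION sub-SELECT by string concatenation, beside the same filter rewritten with `$wpdb->esc_like()` and `$wpdb->prepare()`. The function names (`wpt_example_*`) and the custom table and columns (`{$wpdb->prefix}ticket_meta`, `ticket_id`, `meta_value`) are assumptions for illustration. Note that `WP_Query` strips the slashes WordPress adds to request data before the term reaches plugin filters, so request-level slashing offers no protection here and the query must be parameterised.

```php
<?php
/**
 * Added illustrative example (not WP Ticket's own code): a hypothetical
 * posts_where filter that joins a custom ticket-meta table into the
 * front-end search via a UNION sub-SELECT. Function and table names are
 * assumptions. Only ONE of the two filters would be registered in practice.
 */

// --- Vulnerable pattern: raw search term concatenated into SQL -------------
function wpt_example_vulnerable_where( $where, $wp_query ) {
    global $wpdb;

    if ( ! $wp_query->is_search() ) {
        return $where;
    }

    // WP_Query has already stripped the slashes wp_magic_quotes() added to
    // $_GET['s'], so this is the submitted string with no escaping at all.
    $term = $wp_query->get( 's' );

    // A single quote in $term ends the LIKE literal; everything after it is
    // parsed as SQL, and the surrounding UNION lets the attacker read
    // columns from any other table into the result set.
    $sub = "SELECT ticket_id FROM {$wpdb->prefix}ticket_meta"
         . " WHERE meta_value LIKE '%" . $term . "%'"
         . " UNION SELECT ID FROM {$wpdb->posts}"
         . " WHERE post_title LIKE '%" . $term . "%'";

    return $where . " OR {$wpdb->posts}.ID IN (" . $sub . ')';
}

// --- Hardened form: esc_like() for LIKE metacharacters, prepare() for quoting
function wpt_example_safe_where( $where, $wp_query ) {
    global $wpdb;

    if ( ! $wp_query->is_search() ) {
        return $where;
    }

    $term = $wp_query->get( 's' );

    // esc_like() escapes %, _ and \ so they match literally inside LIKE.
    // The wildcards are added to the *value*, never to the query text.
    $like = '%' . $wpdb->esc_like( $term ) . '%';

    // prepare() quotes and escapes each %s argument, so no input can
    // terminate the string literal or append its own UNION/statement.
    // Table names are interpolated because placeholders cannot carry them.
    $sub = $wpdb->prepare(
        "SELECT ticket_id FROM {$wpdb->prefix}ticket_meta WHERE meta_value LIKE %s"
        . " UNION SELECT ID FROM {$wpdb->posts} WHERE post_title LIKE %s",
        $like,
        $like
    );

    return $where . " OR {$wpdb->posts}.ID IN (" . $sub . ')';
}

add_filter( 'posts_where', 'wpt_example_safe_where', 10, 2 );
```

The two halves differ only in how `$term` reaches the SQL text: `esc_like()` alone would not be enough, since it neutralises LIKE wildcards but not the quote that closes the literal, and `prepare()` alone would still let `%` and `_` in the term act as wildcards. When reviewing a plugin for this class of bug, look for `$wpdb->query()`, `get_results()`, `get_var()` or `posts_where` / `posts_join` callbacks where a request-derived value is interpolated or concatenated into the query string outside a `prepare()` call.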