Skip to main content

Majestic Support The Leading Edge Help Desk Customer Support Plugin

1 CVEs product

Monthly

CVE-2026-13262 MEDIUM This Month

SQL injection in the Majestic Support WordPress help desk plugin (versions up to and including 1.1.9) allows any authenticated WordPress user to extract sensitive data from the site's database by appending arbitrary SQL to queries via the unsanitized 'val' AJAX parameter. Although the description characterizes attackers as 'unauthenticated,' exploitation in practice requires a Subscriber-level account to obtain a 'get-smart-reply' nonce - a low but real barrier accurately reflected in the CVSS PR:L rating. No public exploit code or CISA KEV listing has been identified at time of analysis, but the trivial nonce-acquisition path (create a ticket, visit the result page) means any user permitted to submit support requests can exploit this on unpatched deployments. Version 1.2.0 appears to resolve the issue based on source code changes in the referenced repository tags.

WordPress SQLi Majestic Support The Leading Edge Help Desk Customer Support Plugin
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in the Majestic Support WordPress help desk plugin (versions up to and including 1.1.9) allows any authenticated WordPress user to extract sensitive data from the site's database by appending arbitrary SQL to queries via the unsanitized 'val' AJAX parameter. Although the description characterizes attackers as 'unauthenticated,' exploitation in practice requires a Subscriber-level account to obtain a 'get-smart-reply' nonce - a low but real barrier accurately reflected in the CVSS PR:L rating. No public exploit code or CISA KEV listing has been identified at time of analysis, but the trivial nonce-acquisition path (create a ticket, visit the result page) means any user permitted to submit support requests can exploit this on unpatched deployments. Version 1.2.0 appears to resolve the issue based on source code changes in the referenced repository tags.

WordPress SQLi Majestic Support The Leading Edge Help Desk Customer Support Plugin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy