Project Subscriptions
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 01 Jul 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wordpress
Wordpress wordpress Wpsupportplus Wpsupportplus wp Support Plus Responsive Ticket System |
|
| Vendors & Products |
Wordpress
Wordpress wordpress Wpsupportplus Wpsupportplus wp Support Plus Responsive Ticket System |
Tue, 30 Jun 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-20 CWE-79 |
Tue, 30 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
ssvc
|
Tue, 30 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Tue, 30 Jun 2026 07:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly accessible location, leading to Stored Cross-Site Scripting attacks against site users and administrators. | |
| Title | WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-06-30T13:38:16.835Z
Reserved: 2026-06-08T13:39:45.392Z
Link: CVE-2026-11589
Updated: 2026-06-30T12:56:52.998Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T09:45:03Z