CodeBard Help Desk Security & Risk Analysis

wordpress.org/plugins/codebard-help-desk

Multi Language Professional Support Ticket System with Unlimited Users, Unlimited Tickets, Unlimited Departments, Agents and many features

10 active installs · v1.1.2 · PHP + WP 4.0+ · Updated Nov 29, 2024
Tags: help-desk, support-system, support-ticket-system, support-tickets, ticket-system
Score: 49 · D · High Risk
CVEs total: 3
Unpatched: 2
Last CVE: Feb 14, 2025
Safety Verdict

Is CodeBard Help Desk Safe to Use in 2026?

High Risk

Score 49/100

CodeBard Help Desk carries significant security risk with 3 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

3 known CVEs · 2 unpatched · Last CVE: Feb 14, 2025 · Updated 1yr ago
Risk Assessment

The code analysis for "codebard-help-desk" v1.1.2 reveals a mixed security posture. While the plugin exhibits a very small attack surface with no apparent unprotected entry points, a concerningly low rate of output escaping (3%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, though limited in scope, identified unsanitized paths, which, combined with the poor output escaping, could allow for malicious script injection.

The plugin's history of three known CVEs, with two currently unpatched, is a significant red flag. The prevalence of medium severity vulnerabilities, specifically XSS and CSRF, in the past indicates recurring issues with input sanitization and output handling. The fact that the last vulnerability was as recent as February 2025, and it remains unpatched, further exacerbates this concern. While the use of prepared statements in SQL queries is a positive sign, it does not mitigate the fundamental risks posed by improper output escaping and past security incidents.

In conclusion, despite a seemingly clean entry point analysis, the "codebard-help-desk" plugin presents a substantial risk due to its historical vulnerability patterns, particularly concerning XSS and CSRF, and the critical lack of proper output escaping. The presence of unpatched vulnerabilities should be considered a top priority for mitigation.

Key Concerns

  • Unpatched CVEs
  • Low rate of output escaping
  • Flows with unsanitized paths
  • Vulnerability history (XSS, CSRF)
Vulnerabilities
3

CodeBard Help Desk Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 2 CVEs · unpatched

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-22757 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CodeBard Help Desk <= 1.1.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Feb 14, 2025 · Unpatched

CVE-2025-22760 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CodeBard Help Desk <= 1.1.2 - Reflected Cross-Site Scripting

Jan 14, 2025 · Unpatched

CVE-2024-56222 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

CodeBard Help Desk <= 1.1.1 - Cross-Site Request Forgery

Dec 19, 2024 · Patched in 1.1.2 (21d)

Code Analysis
Analyzed Mar 17, 2026

CodeBard Help Desk Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 16 (31 prepared)
Unescaped Output: 171 (5 escaped)
Nonce Checks: 1
Capability Checks: 13
File Operations: 11
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

66% prepared · 47 total queries

Output Escaping

3% escaped · 176 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
do_admin_page_tabs_c (index.php:674)
Attack Surface

CodeBard Help Desk Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 28
action · admin_enqueue_scripts · index.php:514
action · admin_enqueue_scripts · index.php:515
action · admin_menu · index.php:517
action · admin_notices · index.php:519
action · wp_enqueue_scripts · index.php:898
action · wp_enqueue_scripts · index.php:899
action · wp_footer · index.php:937
action · admin_footer · index.php:938
filter · wp_mail_from_name · index.php:3544
filter · wp_mail_from · index.php:3548
action · widgets_init · plugin\includes\widgets.php:204
action · init · plugin\plugin.php:9
action · upgrader_process_complete · plugin\plugin.php:11
action · init · plugin\plugin.php:19
action · init · plugin\plugin.php:23
action · activated_plugin · plugin\plugin.php:26
action · init · plugin\plugin.php:55
action · wp · plugin\plugin.php:60
action · wp_footer · plugin\plugin.php:62
action · mod_rewrite_rules · plugin\plugin.php:64
action · template_redirect · plugin\plugin.php:66
filter · previous_post_link · plugin\plugin.php:68
filter · next_post_link · plugin\plugin.php:70
filter · the_title · plugin\plugin.php:3503
filter · the_content · plugin\plugin.php:3513
filter · the_author · plugin\plugin.php:3523
filter · get_the_date · plugin\plugin.php:3533
action · admin_init · plugin\plugin.php:3568
Maintenance & Trust

CodeBard Help Desk Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 29, 2024
PHP min version
Downloads: 6K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 10
Developer Profile

CodeBard Help Desk Developer Profile

CodeBard

2 plugins · 110 total installs

Trust score: 77
Avg Security Score: 75/100
Avg Patch Time: 21 days
Detection Fingerprints

How We Detect CodeBard Help Desk

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/codebard-help-desk/core/css/style.css
  • /wp-content/plugins/codebard-help-desk/core/js/script.js
  • /wp-content/plugins/codebard-help-desk/plugin/css/style.css
  • /wp-content/plugins/codebard-help-desk/plugin/js/script.js
  • /wp-content/plugins/codebard-help-desk/admin/css/style.css
  • /wp-content/plugins/codebard-help-desk/admin/js/script.js
Script Paths
  • /wp-content/plugins/codebard-help-desk/core/js/script.js
  • /wp-content/plugins/codebard-help-desk/plugin/js/script.js
  • /wp-content/plugins/codebard-help-desk/admin/js/script.js
Version Parameters
  • codebard-help-desk/core/css/style.css?ver=
  • codebard-help-desk/core/js/script.js?ver=
  • codebard-help-desk/plugin/css/style.css?ver=
  • codebard-help-desk/plugin/js/script.js?ver=
  • codebard-help-desk/admin/css/style.css?ver=
  • codebard-help-desk/admin/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • cb_p3_main
  • cb_p3_admin_wrap
Data Attributes
cb_p3_action
JS Globals
cb_p3_vars