Guest Support Security & Risk Analysis

wordpress.org/plugins/guest-support

Complete WordPress support ticket system. No login needed for users or agents. Includes spam protection, file uploads, and secure replies.

40 active installs · v1.3.0 · PHP 7.0+ · WP 5.5+ · Updated Dec 6, 2025
Tags: customer-support, help-desk, support-system, support-ticket, ticket-support
Security score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 11, 2025
Safety Verdict

Is Guest Support Safe to Use in 2026?

Generally Safe

Score 98/100

Guest Support has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 11, 2025 · Updated 3mo ago
Risk Assessment

The "guest-support" plugin v1.3.0 presents a mixed security posture. On the positive side, the plugin exhibits strong adherence to secure coding practices, with a high percentage of SQL queries using prepared statements and a vast majority of output being properly escaped. It also demonstrates robust use of nonces and capability checks, and importantly, has no unpatched known vulnerabilities despite a history of CVEs.

However, there are significant concerns. The 11 dangerous function calls, all of them to `unserialize`, are a critical red flag. This function is notoriously risky when handling user-supplied data, as it can lead to Remote Code Execution vulnerabilities if not strictly controlled. Furthermore, the taint analysis revealed 4 flows with unsanitized paths, all flagged as High severity, indicating potential for these dangerous functions to be exploited with malicious input.

The plugin's vulnerability history, while currently clear of unpatched issues, shows past occurrences of 'Exposure of Sensitive Information' and 'Missing Authorization'. This pattern suggests that while the developers have addressed past issues, the underlying coding practices might still be prone to introducing such vulnerabilities, especially concerning how data is handled and access is controlled.

Key Concerns

  • Dangerous function calls (unserialize)
  • High severity unsanitized taint flows
  • Past vulnerabilities: Exposure of Sensitive Info
  • Past vulnerabilities: Missing Authorization
Vulnerabilities
2

Guest Support Security Vulnerabilities

CVEs by Year

2025: 2 CVEs

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-13660 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint

Dec 11, 2025 · Patched in 1.3.0 (1d)

CVE-2025-5957 · medium · 5.3 · Missing Authorization

Guest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Ticket Deletion

Jul 7, 2025 · Patched in 1.2.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

Guest Support Code Analysis

Dangerous Functions: 11
Raw SQL Queries: 16 (69 prepared)
Unescaped Output: 55 (898 escaped)
Nonce Checks: 18
Capability Checks: 11
File Operations: 3
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$guest_support_suggest_docs_cats = $guest_support_data['suggest_docs_cats'] ? unserialize( $guest_su` · includes\admin\forms-form.php:535
unserialize · `'params' => $guest_support_form->params ? unserialize( $guest_support_form->params ) : []` · includes\admin\forms-router.php:70
unserialize · `$guest_support_formFields = unserialize( $guest_support_form->form_fields );` · includes\admin\forms-router.php:73
unserialize · `$formFields = unserialize( $form->form_fields );` · includes\library\class-app.php:717
unserialize · `$formFields = unserialize( $form->form_fields );` · includes\library\class-app.php:1213
unserialize · `return unserialize( $sessionData );` · includes\library\class-app.php:3588
unserialize · `$guest_support_formFields = unserialize( $guest_support_form->form_fields );` · includes\process-shortcode.php:50
unserialize · `$guest_support_formFields = unserialize( $guest_support_form->form_fields );` · includes\process-shortcode.php:104
unserialize · `$guest_support_params = $guest_support_form->params ? unserialize( $guest_support_form->params ) : [` · includes\process-shortcode.php:106
unserialize · `$guest_support_custom_fields = unserialize( $guest_support_ticketSubject->custom_fields );` · includes\view-ticket.php:18
unserialize · `$guest_support_reply_custom_fields = unserialize( $guest_support_message->custom_fields );` · includes\view-ticket.php:191

SQL Query Safety

81% prepared · 85 total queries

Output Escaping

94% escaped · 953 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
<process-data> (includes\library\process-data.php:0)
Attack Surface

Guest Support Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[guest-support] · guest-support.php:101

WordPress Hooks: 10

action · init · guest-support.php:33
action · admin_enqueue_scripts · guest-support.php:39
action · template_redirect · guest-support.php:40
filter · the_title · guest-support.php:43
action · plugins_loaded · guest-support.php:47
action · wp_enqueue_scripts · guest-support.php:48
action · admin_menu · includes\admin\class-adminpages.php:15
filter · upload_dir · includes\library\class-app.php:2751
action · phpmailer_init · includes\library\class-app.php:3048
filter · wp_robots · includes\process-shortcode.php:65
Maintenance & Trust

Guest Support Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 6, 2025
PHP min version: 7.0
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 40
Developer Profile

Guest Support Developer Profile

RcaTheme.com

1 plugin · 40 total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Guest Support

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/guest-support/assets/admin.css
/wp-content/plugins/guest-support/assets/admin.js
/wp-content/plugins/guest-support/assets/dragndrop.js
/wp-content/plugins/guest-support/assets/styles.min.css
/wp-content/plugins/guest-support/assets/scripts.min.js
Script Paths
/wp-content/plugins/guest-support/assets/admin.js
/wp-content/plugins/guest-support/assets/dragndrop.js
/wp-content/plugins/guest-support/assets/scripts.min.js
Version Parameters
guest-support/assets/admin.css?ver=
guest-support/assets/admin.js?ver=
guest-support/assets/dragndrop.js?ver=
guest-support/assets/styles.min.css?ver=
guest-support/assets/scripts.min.js?ver=

HTML / DOM Fingerprints

JS Globals
GuestSupportApp
Shortcode Output
[guest-support]
FAQ

Frequently Asked Questions about Guest Support