WP-Safety

JS Help Desk – AI-Powered Support & Ticketing System Security & Risk Analysis

wordpress.org/plugins/js-support-ticket

Professional, beautiful, complete and powerful help desk & support system for WordPress.

6K active installs v3.0.6 PHP 7.4+ WP 5.5+ Updated Feb 24, 2026
ai-supporthelpdeskknowledgebasesupport-ticketticketing-system
76
B · Generally Safe
CVEs total21
Unpatched0
Last CVEMar 3, 2026
Plugin page Download
Safety Verdict

Is JS Help Desk – AI-Powered Support & Ticketing System Safe to Use in 2026?

Mostly Safe

Score 76/100

JS Help Desk – AI-Powered Support & Ticketing System is generally safe to use. 21 past CVEs were resolved. Keep it updated.

21 known CVEsLast CVE: Mar 3, 2026Updated 1mo ago
Risk Assessment

The "js-support-ticket" plugin v3.0.6 exhibits a concerning security posture, despite some positive aspects. While the plugin demonstrates a high degree of success in output escaping (97%) and utilizing prepared statements for SQL queries (91%), these strengths are overshadowed by critical weaknesses. The presence of a dangerous `unserialize` function is a significant red flag, as it can be exploited for remote code execution or deserialization vulnerabilities if not handled with extreme care. Furthermore, the taint analysis reveals a high number of flows with unsanitized paths, six of which are rated as high severity. This, coupled with unprotected AJAX handlers and a substantial history of 21 known CVEs across various severe vulnerability types, indicates a pattern of recurring security flaws. The plugin's past vulnerabilities include SQL Injection, Missing Authorization, Path Traversal, Code Injection, and Unrestricted File Uploads, suggesting a fundamental lack of robust security controls in its development lifecycle. The fact that the last vulnerability was dated in the future (2026) is also a temporal anomaly that needs to be addressed, but assuming it's an input error and considering the historical trend, the plugin has a history of being exploitable. The significant number of known vulnerabilities, combined with the identified code-level risks, presents a high risk to any WordPress site using this plugin.

Key Concerns

  • Dangerous function: unserialize detected
  • High severity taint flows with unsanitized paths
  • Unprotected AJAX handlers
  • Large number of known CVEs (21 total)
  • History of critical severity CVEs
  • History of high severity CVEs
  • History of medium severity CVEs
  • Common vulnerability types: SQLi, Missing Auth, RFI, Path Traversal, XSS, Code I
Vulnerabilities
21

JS Help Desk – AI-Powered Support & Ticketing System Security Vulnerabilities

CVEs by Year

1 CVE in 2018
2018
8 CVEs in 2023
2023
3 CVEs in 2024
2024
7 CVEs in 2025
2025
2 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
6
High
7
Medium
8

21 total CVEs

CVE-2023-7337high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JS Help Desk – AI-Powered Support & Ticketing System 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie

Mar 3, 2026 Patched in 2.8.3 (1d)
CVE-2026-24959medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JS Help Desk <= 3.0.1 - Authenticated (Subscriber+) SQL Injection

Feb 11, 2026 Patched in 3.0.2 (6d)
CVE-2025-30886high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JS Help Desk <= 2.9.2 - Unauthenticated SQL Injection

Mar 27, 2025 Patched in 2.9.3 (7d)
CVE-2025-30880medium · 5.3Missing Authorization

JS Help Desk <= 2.9.2 - Missing Authorization

Mar 27, 2025 Patched in 2.9.3 (7d)
CVE-2025-30901critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

JS Help Desk <= 2.9.2 - Unauthenticated Local File Inclusion

Mar 27, 2025 Patched in 2.9.3 (7d)
CVE-2025-30882high · 7.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

JS Help Desk <= 2.9.1 - Unauthenticated Arbitrary File Download

Mar 27, 2025 Patched in 2.9.2 (7d)
CVE-2025-30878critical · 9.1Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

JS Help Desk <= 2.9.2 - Unauthenticated Arbitrary File Deletion

Mar 27, 2025 Patched in 2.9.3 (7d)
CVE-2024-13606high · 7.5Exposure of Sensitive Information to an Unauthorized Actor

JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

Feb 12, 2025 Patched in 2.8.9 (23d)
CVE-2024-13607medium · 4.3Authorization Bypass Through User-Controlled Key

JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference

Feb 3, 2025 Patched in 2.8.9 (1d)
CVE-2024-51670medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JS Help Desk – Best Help Desk & Support Plugin <= 2.8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Nov 1, 2024 Patched in 2.8.8 (6d)
CVE-2024-7094critical · 9.8Improper Control of Generation of Code ('Code Injection')

JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution

Aug 12, 2024 Patched in 2.8.7 (7d)
CVE-2024-31273medium · 5.3Missing Authorization

JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization

Apr 5, 2024 Patched in 2.8.4 (7d)
CVE-2023-50839critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid

Dec 21, 2023 Patched in 2.8.2 (33d)
CVE-2023-25444high · 7.2Unrestricted Upload of File with Dangerous Type

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Administrator+) Arbitrary File Upload

Aug 17, 2023 Patched in 2.7.8 (159d)
CVE-2023-23679medium · 6.3Authorization Bypass Through User-Controlled Key

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference

Jun 20, 2023 Patched in 2.7.8 (217d)
CVE-2022-46839critical · 9.8Unrestricted Upload of File with Dangerous Type

JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload

Jan 27, 2023 Patched in 2.7.2 (361d)
CVE-2022-46840medium · 6.3Missing Authorization

JS Help Desk <= 2.7.1 - Missing Authorization

Jan 27, 2023 Patched in 2.7.2 (361d)
CVE-2022-46838critical · 9.1Missing Authorization

JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update

Jan 27, 2023 Patched in 2.7.2 (361d)
CVE-2022-47151high · 8.6Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JS Help Desk <= 2.7.1 - Unauthenticated SQL Injection

Jan 27, 2023 Patched in 2.7.2 (361d)
CVE-2022-46842medium · 5.4Cross-Site Request Forgery (CSRF)

JS Help Desk <= 2.7.1 - Cross-Site Request Forgery

Jan 27, 2023 Patched in 2.7.2 (361d)
CVE-2018-21002high · 8.8Cross-Site Request Forgery (CSRF)

JS Help Desk – Best Help Desk & Support Plugin <= 2.0.5 - Cross-Site Request Forgery

Jun 25, 2018 Patched in 2.0.6 (2038d)
Code Analysis
Analyzed Mar 16, 2026

JS Help Desk – AI-Powered Support & Ticketing System Code Analysis

Dangerous Functions
3
Raw SQL Queries
69
678 prepared
Unescaped Output
436
14029 escaped
Nonce Checks
131
Capability Checks
70
File Operations
17
External Requests
19
Bundled Libraries
0

Dangerous Functions Found

unserialize$jsst_attachment = unserialize($jsst_post_meta["_wp_attachment_metadata"][0]);modules\thirdpartyimport\model.php:3451
unserialize$jsst_custom_fields = unserialize($jsst_custom_fields_serializeed->value);modules\thirdpartyimport\model.php:4255
unserialize$jsst_custom_fields = unserialize($jsst_custom_fields_serializeed->value);modules\thirdpartyimport\model.php:5645

SQL Query Safety

91% prepared747 total queries

Output Escaping

97% escaped14465 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

11 flows8 with unsanitized paths
jsCheckTriggers (includes\addon-updater\jsstupdater.php:262)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

JS Help Desk – AI-Powered Support & Ticketing System Attack Surface

Entry Points7
Unprotected2

AJAX Handlers 3

authwp_ajax_jsticket_ajaxincludes\ajax.php:9
noprivwp_ajax_jsticket_ajaxincludes\ajax.php:10
authwp_ajax_save_dashboard_preferencesjs-support-ticket.php:1488

Shortcodes 4

[jssupportticket] includes\shortcodes.php:9
[jssupportticket_addticket] includes\shortcodes.php:10
[jssupportticket_addticket_multiform] includes\shortcodes.php:12
[jssupportticket_mytickets] includes\shortcodes.php:14
WordPress Hooks 88
actionadmin_initincludes\addon-updater\jsstupdater.php:35
filterplugins_apiincludes\addon-updater\jsstupdater.php:43
actionadmin_noticesincludes\addon-updater\jsstupdater.php:47
actionafter_plugin_rowincludes\addon-updater\jsstupdater.php:48
actionadmin_noticesincludes\classes\jsstadminreviewbox.php:7
filterupload_dirincludes\classes\uploads.php:67
filterupload_dirincludes\classes\uploads.php:168
filterupload_dirincludes\classes\uploads.php:237
filterupload_dirincludes\classes\uploads.php:306
filterupload_dirincludes\classes\uploads.php:363
filterupload_dirincludes\classes\uploads.php:419
filterupload_dirincludes\classes\uploads.php:478
filterupload_dirincludes\classes\uploads.php:535
actionparse_requestincludes\classes\wphdsession.php:19
actioninitincludes\formhandler.php:9
actioninitincludes\formhandler.php:10
actionwp_login_failedincludes\jsst-hooks.php:12
filterauthenticateincludes\jsst-hooks.php:45
actioninitincludes\jsst-hooks.php:203
actionshow_user_profileincludes\jsst-hooks.php:227
actionedit_user_profileincludes\jsst-hooks.php:228
actionpersonal_options_updateincludes\jsst-hooks.php:249
actionedit_user_profile_updateincludes\jsst-hooks.php:250
actiondelete_userincludes\jsst-hooks.php:281
actionpersonal_options_updateincludes\jsst-hooks.php:283
actionedit_user_profile_updateincludes\jsst-hooks.php:329
actionuser_registerincludes\jsst-hooks.php:330
actionadmin_menuincludes\jssupportticketadmin.php:9
actionwidgets_initincludes\pageswidget.php:95
filterpost_rewrite_rulesincludes\paramregister.php:49
filterpage_rewrite_rulesincludes\paramregister.php:57
filtergenerate_rewrite_rulesincludes\paramregister.php:89
filterquery_varsincludes\paramregister.php:98
actionparse_requestincludes\paramregister.php:517
filterredirect_canonicalincludes\paramregister.php:541
filtercron_schedulesjs-support-ticket.php:80
filterthe_contentjs-support-ticket.php:81
actionwp_insert_sitejs-support-ticket.php:86
actionwpmu_new_blogjs-support-ticket.php:88
filterwpmu_drop_tablesjs-support-ticket.php:90
actionjssupporticket_updateticketstatusjs-support-ticket.php:93
actiontemplate_redirectjs-support-ticket.php:95
actionadmin_initjs-support-ticket.php:97
actionwp_footerjs-support-ticket.php:98
actionjsst_resetnotificationvaluesjs-support-ticket.php:99
actionwp_headjs-support-ticket.php:101
actionadmin_enqueue_scriptsjs-support-ticket.php:102
actionjsst_reset_aadon_queryjs-support-ticket.php:103
actionjssupporticket_ticketviaemailjs-support-ticket.php:105
actioninitjs-support-ticket.php:106
actionadmin_initjs-support-ticket.php:107
actionadmin_initjs-support-ticket.php:108
actioninitjs-support-ticket.php:109
actionjsst_delete_expire_session_datajs-support-ticket.php:110
filtersafe_style_cssjs-support-ticket.php:111
actionjsst_process_transation_key_statusjs-support-ticket.php:116
actionjsst_auto_update_addonsjs-support-ticket.php:121
actionupgrader_process_completejs-support-ticket.php:126
filteraioseo_disable_shortcode_parsingjs-support-ticket.php:129
actionadmin_noticesjs-support-ticket.php:131
actionadmin_noticesjs-support-ticket.php:133
actionjsst-ticketcreatejs-support-ticket.php:787
actionjsst-ticketreplyjs-support-ticket.php:788
actionjsst-ticketclosejs-support-ticket.php:789
actionjsst-ticketdeletejs-support-ticket.php:790
actionjsst-ticketbeforelistingjs-support-ticket.php:791
actionjsst-ticketbeforeviewjs-support-ticket.php:792
actionjsst-beforeemailticketcreatejs-support-ticket.php:794
actionjsst-beforeemailticketreplyjs-support-ticket.php:795
actionjsst-beforeemailticketclosejs-support-ticket.php:796
actionjsst-beforeemailticketdeletejs-support-ticket.php:797
actionjssupportticket_load_wp_plugin_filejs-support-ticket.php:847
actionjssupportticket_load_wp_admin_filejs-support-ticket.php:848
actionjssupportticket_load_wp_filejs-support-ticket.php:849
actionjssupportticket_load_wp_pcl_zipjs-support-ticket.php:850
actionjssupportticket_load_wp_upgraderjs-support-ticket.php:851
actionjssupportticket_load_wp_ajax_upgrader_skinjs-support-ticket.php:852
actionjssupportticket_load_wp_plugin_upgraderjs-support-ticket.php:853
actionjssupportticket_load_wp_translation_installjs-support-ticket.php:854
actionjssupportticket_load_phpassjs-support-ticket.php:855
actioninitjs-support-ticket.php:1456
filterlogin_form_middlejs-support-ticket.php:1466
filterlogin_form_middlejs-support-ticket.php:1472
actionjsst_addon_update_date_failedjs-support-ticket.php:1506
filterstyle_loader_tagjs-support-ticket.php:1511
filterscript_loader_tagjs-support-ticket.php:1512
filterupload_dirmodules\configuration\model.php:266
filterwp_mail_content_typemodules\email\model.php:1986

Scheduled Events 5

jsst_delete_expire_session_data
jsst_process_transation_key_status
jsst_auto_update_addons
jssupporticket_updateticketstatus
jssupporticket_ticketviaemail
Maintenance & Trust

JS Help Desk – AI-Powered Support & Ticketing System Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 24, 2026
PHP min version7.4
Downloads554K

Community Trust

Rating76/100
Number of ratings73
Active installs6K
Alternatives

JS Help Desk – AI-Powered Support & Ticketing System Alternatives

Fluent Support – Helpdesk & Customer Support Ticket System

Fluent Support – Helpdesk & Customer Support Ticket System

fluent-support

A
89

Feature Rich and Super Fast Support and Customer Ticketing System for WordPress.

10K 7 CVEs
SupportCandy – Helpdesk & Customer Support Ticket System

SupportCandy – Helpdesk & Customer Support Ticket System

supportcandy

B
76

Enhance your WordPress site with our helpdesk and support ticket system. Manage customer support, tickets, and email tickets efficiently.

10K 16 CVEs
Awesome Support – WordPress HelpDesk & Support Plugin

Awesome Support – WordPress HelpDesk & Support Plugin

awesome-support

A
88

The most versatile and feature-rich help desk and support plugin for WordPress. Provide awesome support directly from your WordPress site.

7K 24 CVEs
Nirweb support

Nirweb support

nirweb-support

C
58

NirWeb support is a great help desk and support plugin for WordPress with full support of WooCommerce

1K 1 unpatched
Support Genix – Helpdesk, AI Chatbot, Knowledge Base & Customer Support Ticketing System

Support Genix – Helpdesk, AI Chatbot, Knowledge Base & Customer Support Ticketing System

support-genix-lite

A
97

Manage customer support with a powerful helpdesk & support ticket system — track customer tickets, resolve, and streamline your support workflow.

1K 3 CVEs
Developer Profile

JS Help Desk – AI-Powered Support & Ticketing System Developer Profile

JoomSky

3 plugins · 6K total installs

50
trust score
Avg Security Score
59/100
Avg Patch Time
357 days
View full developer profile
Detection Fingerprints

How We Detect JS Help Desk – AI-Powered Support & Ticketing System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/js-support-ticket/css/support_ticket.css/wp-content/plugins/js-support-ticket/css/support_ticket_responsive.css/wp-content/plugins/js-support-ticket/css/style.css/wp-content/plugins/js-support-ticket/css/custom.css/wp-content/plugins/js-support-ticket/js/support_ticket.js/wp-content/plugins/js-support-ticket/js/jssupportticket.js
Script Paths
/wp-content/plugins/js-support-ticket/js/support_ticket.js/wp-content/plugins/js-support-ticket/js/jssupportticket.js
Version Parameters
js-support-ticket/style.css?ver=js-support-ticket/js/support_ticket.js?ver=js-support-ticket/js/jssupportticket.js?ver=js-support-ticket/css/custom.css?ver=

HTML / DOM Fingerprints

CSS Classes
js-support-ticket-wrapperjs-support-ticket-headerjs-support-ticket-bodyjs-support-ticket-footerjs-support-ticket-formjs-support-ticket-fieldjs-support-ticket-inputjs-support-ticket-textarea+15 more
HTML Comments
<!-- Added by the JS Help Desk plugin --><!-- JS Help Desk - Start Widget --><!-- JS Help Desk - End Widget --><!--JS Help Desk -->
Data Attributes
data-jsst-widget-iddata-jsst-ticket-iddata-jsst-reply-iddata-jsst-admin-pagedata-jsst-field-typedata-jsst-user-id
JS Globals
js_support_ticket_ajax_urljs_support_ticket_noncejs_support_ticket_plugin_urlJSSTjsst_datajsst_config
REST Endpoints
/wp-json/js-support-ticket/v1/tickets/wp-json/js-support-ticket/v1/replies/wp-json/js-support-ticket/v1/attachments/wp-json/js-support-ticket/v1/configuration/wp-json/js-support-ticket/v1/users/wp-json/js-support-ticket/v1/search
Shortcode Output
[js-support-ticket][js-support-ticket-form][js-support-ticket-list][js-support-ticket-ticket-details]
FAQ

Frequently Asked Questions about JS Help Desk – AI-Powered Support & Ticketing System