WP-Safety

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin Security & Risk Analysis

wordpress.org/plugins/majestic-support

Majestic Support for WordPress is a top-tier ticket system that can significantly enhance your customers' support experience.

3K active installs v1.1.3 PHP 7.4+ WP 5.5+ Updated Apr 3, 2026
customer-supporthelpdesksupport-desksupport-pluginticket-system
82
B · Generally Safe
CVEs total8
Unpatched0
Last CVEApr 9, 2026
Plugin page Download
Safety Verdict

Is Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin Safe to Use in 2026?

Mostly Safe

Score 82/100

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin is generally safe to use. 8 past CVEs were resolved.

8 known CVEsLast CVE: Apr 9, 2026Updated 1mo ago
Risk Assessment

The 'majestic-support' plugin version 1.1.2 presents a concerning security posture. While it demonstrates good practices in output escaping and a high rate of prepared SQL statements, significant weaknesses are present. The static analysis reveals a total of 6 entry points, with 2 of them lacking proper authentication checks. Furthermore, the presence of the `unserialize` function, a known vector for serious vulnerabilities, is a critical concern. The taint analysis identified 7 high-severity flows with unsanitized paths, indicating potential for data manipulation or code execution if not handled with extreme care.

The plugin's vulnerability history is particularly alarming, with a total of 7 known CVEs, including 1 critical and 3 high-severity issues. The fact that 1 CVE remains unpatched is a direct and immediate threat. The common vulnerability types listed, such as Missing Authorization, SQL Injection, PHP Remote File Inclusion, and Authorization Bypass, strongly suggest recurring and fundamental security flaws in the plugin's design and implementation. The recurrence of these types of vulnerabilities indicates a systemic issue that needs to be addressed comprehensively.

In conclusion, despite some positive code signals, the 'majestic-support' plugin has significant security deficiencies. The combination of unprotected entry points, dangerous function usage, high-severity taint flows, and a history of critical and unpatched vulnerabilities makes this plugin a high-risk component for any WordPress installation. Organizations should exercise extreme caution and consider disabling or replacing this plugin until all identified security issues are resolved and verified.

Key Concerns

  • Unpatched CVE present
  • Critical severity vulnerability history (1)
  • High severity vulnerability history (3)
  • High severity taint flows (7)
  • Dangerous function: unserialize
  • Unprotected AJAX handlers (2)
  • Authorization bypass vulnerability history
  • PHP Remote File Inclusion vulnerability history
  • SQL Injection vulnerability history
  • Missing Authorization vulnerability history
  • Exposure of Sensitive Information vulnerability history
Vulnerabilities
8 published

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin Security Vulnerabilities

CVEs by Year

7 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
1
High
3
Medium
4

8 total CVEs

CVE-2026-40778medium · 5.3Missing Authorization

Majestic Support <= 1.1.2 - Missing Authorization

Apr 9, 2026 Patched in 1.1.3 (29d)
CVE-2025-49860medium · 5.3Missing Authorization

Majestic Support <= 1.1.0 - Missing Authorization

Jun 12, 2025 Patched in 1.1.1 (6d)
CVE-2025-48283high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Majestic Support <= 1.1.0 - Unauthenticated SQL Injection

May 22, 2025 Patched in 1.1.1 (8d)
CVE-2025-48282medium · 5.3Missing Authorization

Majestic Support <= 1.1.0 - Missing Authorization

May 19, 2025 Patched in 1.1.1 (11d)
CVE-2025-64284high · 7.5Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Majestic Support <= 1.0.7 - Authenticated (Contributor+) Local File Inclusion

Apr 22, 2025 Patched in 1.0.8 (330d)
CVE-2025-26985critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Majestic Support <= 1.0.6 - Unauthenticated Local File Inclusion

Feb 23, 2025 Patched in 1.0.7 (9d)
CVE-2024-13600high · 7.5Exposure of Sensitive Information to an Unauthorized Actor

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

Feb 11, 2025 Patched in 1.0.6 (1d)
CVE-2024-13601medium · 4.3Authorization Bypass Through User-Controlled Key

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

Feb 11, 2025 Patched in 1.0.6 (1d)
Version History

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin Release Timeline

v1.1.3Current
v1.1.21 CVE
CVE-2026-40778
v1.1.11 CVE
CVE-2026-40778
v1.1.04 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-48282 +1 more
v1.0.94 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-48282 +1 more
v1.0.84 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-48282 +1 more
v1.0.75 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-64284 +2 more
v1.0.66 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-26985 +3 more
v1.0.58 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-26985 +5 more
v1.0.48 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-26985 +5 more
v1.0.38 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-26985 +5 more
v1.0.28 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-26985 +5 more
v1.0.18 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-26985 +5 more
v1.0.08 CVEs
CVE-2025-49860 CVE-2025-48283 CVE-2025-26985 +5 more
Code Analysis
Analyzed Mar 16, 2026

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin Code Analysis

Dangerous Functions
3
Raw SQL Queries
61
659 prepared
Unescaped Output
58
15499 escaped
Nonce Checks
144
Capability Checks
71
File Operations
36
External Requests
18
Bundled Libraries
0

Dangerous Functions Found

unserialize$attachment = unserialize($post_meta["_wp_attachment_metadata"][0]);modules\thirdpartyimport\model.php:3369
unserialize$custom_fields = unserialize($custom_fields_serializeed->value);modules\thirdpartyimport\model.php:4173
unserialize$custom_fields = unserialize($custom_fields_serializeed->value);modules\thirdpartyimport\model.php:5508

SQL Query Safety

92% prepared720 total queries

Output Escaping

100% escaped15557 total outputs
Data Flows · Security
10 unsanitized

Data Flow Analysis

13 flows10 with unsanitized paths
<model> (modules\configuration\model.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin Attack Surface

Entry Points6
Unprotected2

AJAX Handlers 2

authwp_ajax_mjsupport_ajaxincludes\ajax.php:9
noprivwp_ajax_mjsupport_ajaxincludes\ajax.php:10

Shortcodes 4

[majesticsupport] includes\shortcodes.php:9
[majesticsupport_addticket] includes\shortcodes.php:10
[majesticsupport_addticket_multiform] includes\shortcodes.php:12
[majesticsupport_mytickets] includes\shortcodes.php:14
WordPress Hooks 89
actionadmin_initincludes\addon-updater\msupdater.php:32
filterplugins_apiincludes\addon-updater\msupdater.php:39
actionadmin_noticesincludes\addon-updater\msupdater.php:43
actionafter_plugin_rowincludes\addon-updater\msupdater.php:44
actionadmin_noticesincludes\classes\msadminreviewbox.php:7
filterupload_dirincludes\classes\uploads.php:64
filterupload_dirincludes\classes\uploads.php:162
filterupload_dirincludes\classes\uploads.php:228
filterupload_dirincludes\classes\uploads.php:294
filterupload_dirincludes\classes\uploads.php:348
filterupload_dirincludes\classes\uploads.php:401
filterupload_dirincludes\classes\uploads.php:458
filterupload_dirincludes\classes\uploads.php:513
actionparse_requestincludes\classes\wphdsession.php:18
actioninitincludes\formhandler.php:9
actioninitincludes\formhandler.php:10
actionadmin_menuincludes\majesticsupportadmin.php:9
actionwp_login_failedincludes\ms-hooks.php:7
filterauthenticateincludes\ms-hooks.php:23
actioninitincludes\ms-hooks.php:167
actionshow_user_profileincludes\ms-hooks.php:192
actionedit_user_profileincludes\ms-hooks.php:193
actionpersonal_options_updateincludes\ms-hooks.php:226
actionedit_user_profile_updateincludes\ms-hooks.php:227
actiondelete_userincludes\ms-hooks.php:262
actionpersonal_options_updateincludes\ms-hooks.php:264
actionedit_user_profile_updateincludes\ms-hooks.php:315
actionuser_registerincludes\ms-hooks.php:316
actionwidgets_initincludes\pageswidget.php:96
filterpost_rewrite_rulesincludes\paramregister.php:31
filterpage_rewrite_rulesincludes\paramregister.php:39
filtergenerate_rewrite_rulesincludes\paramregister.php:54
filterquery_varsincludes\paramregister.php:63
actionparse_requestincludes\paramregister.php:521
filterredirect_canonicalincludes\paramregister.php:540
filtercron_schedulesmajestic-support.php:79
filterthe_contentmajestic-support.php:80
actionwp_insert_sitemajestic-support.php:85
actionwpmu_new_blogmajestic-support.php:87
filterwpmu_drop_tablesmajestic-support.php:89
actionplugins_loadedmajestic-support.php:91
actionmajesticsupport_updateticketstatusmajestic-support.php:92
actionmajesticsupport_checkforaddonsupdatemajestic-support.php:93
actiontemplate_redirectmajestic-support.php:95
actionadmin_initmajestic-support.php:97
actionwp_footermajestic-support.php:98
actionresetnotificationvaluesmajestic-support.php:99
actionwp_headmajestic-support.php:101
actionadmin_enqueue_scriptsmajestic-support.php:102
actionreset_ms_aadon_querymajestic-support.php:103
actionmajesticsupport_ticketviaemailmajestic-support.php:104
actioninitmajestic-support.php:105
actionadmin_initmajestic-support.php:106
actionadmin_initmajestic-support.php:107
actioninitmajestic-support.php:108
actionms_delete_expire_session_datamajestic-support.php:109
filtersafe_style_cssmajestic-support.php:110
actionmjtc_process_transation_key_statusmajestic-support.php:115
actionmjtc_auto_update_addonsmajestic-support.php:120
filteraioseo_disable_shortcode_parsingmajestic-support.php:128
actionadmin_noticesmajestic-support.php:130
actionms-ticketcreatemajestic-support.php:766
actionms-ticketreplymajestic-support.php:767
actionms-ticketclosemajestic-support.php:768
actionms-ticketdeletemajestic-support.php:769
actionms-ticketbeforelistingmajestic-support.php:770
actionms-ticketbeforeviewmajestic-support.php:771
actionms-beforeemailticketcreatemajestic-support.php:773
actionms-beforeemailticketreplymajestic-support.php:774
actionms-beforeemailticketclosemajestic-support.php:775
actionms-beforeemailticketdeletemajestic-support.php:776
actionmajesticsupport_load_wp_plugin_filemajestic-support.php:856
actionmajesticsupport_load_wp_admin_filemajestic-support.php:857
actionmajesticsupport_load_wp_filemajestic-support.php:858
actionmajesticsupport_load_wp_pcl_zipmajestic-support.php:859
actionmajesticsupport_load_wp_upgradermajestic-support.php:860
actionmajesticsupport_load_wp_ajax_upgrader_skinmajestic-support.php:861
actionmajesticsupport_load_wp_plugin_upgradermajestic-support.php:862
actionmajesticsupport_load_wp_translation_installmajestic-support.php:863
actionmajesticsupport_load_phpassmajestic-support.php:864
actioninitmajestic-support.php:1285
filterlogin_form_middlemajestic-support.php:1294
filterlogin_form_middlemajestic-support.php:1300
actionms_addon_update_date_failedmajestic-support.php:1316
filterstyle_loader_tagmajestic-support.php:1321
filterscript_loader_tagmajestic-support.php:1322
actionupgrader_process_completemajestic-support.php:1402
filterupload_dirmodules\configuration\model.php:256
filterwp_mail_content_typemodules\email\model.php:2067

Scheduled Events 6

ms_delete_expire_session_data
mjtc_process_transation_key_status
mjtc_auto_update_addons
majesticsupport_updateticketstatus
majesticsupport_ticketviaemail
majesticsupport_checkforaddonsupdate
Maintenance & Trust

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 3, 2026
PHP min version7.4
Downloads94K

Community Trust

Rating100/100
Number of ratings8
Active installs3K
Alternatives

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin Alternatives

Fluent Support – Helpdesk & Customer Support Ticket System

Fluent Support – Helpdesk & Customer Support Ticket System

fluent-support

A
89

Feature Rich and Super Fast Support and Customer Ticketing System for WordPress.

10K 7 CVEs
Customer Support Ticket System & Helpdesk Plugin for WordPress

Customer Support Ticket System & Helpdesk Plugin for WordPress

wp-ticket

A
91

Create a support ticket system in WordPress. Manage customer inquiries, agents, priorities, and more with this flexible helpdesk plugin.

500 7 CVEs
Freelancer Support System – Client Ticket Manager

Freelancer Support System – Client Ticket Manager

gayatri-freelancer-support-system

A
100

Freelancer support plugin to manage client requests as tickets inside WordPress with status tracking and WhatsApp updates.

0 No CVEs
Help Desk WP

Help Desk WP

helpdeskwp

C
63

Help Desk and customer support.

0 1 unpatched
NexlifyDesk

NexlifyDesk

nexlifydesk

A
100

Enterprise-grade WordPress helpdesk solution with intelligent ticket management, email piping, agent workflows, and WooCommerce integration.

0 No CVEs
Developer Profile

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin Developer Profile

Majestic Support

1 plugin · 3K total installs

75
trust score
Avg Security Score
82/100
Avg Patch Time
49 days
View full developer profile
Detection Fingerprints

How We Detect Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/majestic-support/css/style.css/wp-content/plugins/majestic-support/css/ms-main-style.css/wp-content/plugins/majestic-support/css/jquery-ui.min.css/wp-content/plugins/majestic-support/css/datePicker.css/wp-content/plugins/majestic-support/css/ms-admin.css/wp-content/plugins/majestic-support/css/select2.min.css/wp-content/plugins/majestic-support/css/bootstrap.min.css/wp-content/plugins/majestic-support/css/bootstrap-datetimepicker.min.css+26 more
Script Paths
/wp-content/plugins/majestic-support/js/moment.min.js/wp-content/plugins/majestic-support/js/jquery-ui.min.js/wp-content/plugins/majestic-support/js/bootstrap.min.js/wp-content/plugins/majestic-support/js/bootstrap-datetimepicker.min.js/wp-content/plugins/majestic-support/js/tinymce/tinymce.min.js/wp-content/plugins/majestic-support/js/tinymce/plugins/textcolor/plugin.js+20 more
Version Parameters
majestic-support/css/style.css?ver=majestic-support/css/ms-main-style.css?ver=majestic-support/css/jquery-ui.min.css?ver=majestic-support/css/datePicker.css?ver=majestic-support/css/ms-admin.css?ver=majestic-support/css/select2.min.css?ver=majestic-support/css/bootstrap.min.css?ver=majestic-support/css/bootstrap-datetimepicker.min.css?ver=majestic-support/js/moment.min.js?ver=majestic-support/js/jquery-ui.min.js?ver=majestic-support/js/bootstrap.min.js?ver=majestic-support/js/bootstrap-datetimepicker.min.js?ver=majestic-support/js/tinymce/tinymce.min.js?ver=majestic-support/js/tinymce/plugins/textcolor/plugin.js?ver=majestic-support/js/tinymce/plugins/colorpicker/plugin.js?ver=majestic-support/js/tinymce/plugins/image/plugin.js?ver=majestic-support/js/tinymce/plugins/link/plugin.js?ver=majestic-support/js/tinymce/plugins/paste/plugin.js?ver=majestic-support/js/tinymce/plugins/lists/plugin.js?ver=majestic-support/js/tinymce/plugins/autoresize/plugin.js?ver=majestic-support/js/tinymce/plugins/hr/plugin.js?ver=majestic-support/js/tinymce/plugins/code/plugin.js?ver=majestic-support/js/tinymce/plugins/table/plugin.js?ver=majestic-support/js/tinymce/plugins/tabfocus/plugin.js?ver=majestic-support/js/tinymce/plugins/insertdatetime/plugin.js?ver=majestic-support/js/tinymce/plugins/advlist/plugin.js?ver=majestic-support/js/tinymce/plugins/imagetools/plugin.js?ver=majestic-support/js/tinymce/plugins/wordcount/plugin.js?ver=majestic-support/js/tinymce/plugins/emoticons/plugin.js?ver=majestic-support/js/tinymce/plugins/template/plugin.js?ver=majestic-support/js/tinymce/themes/modern/theme.js?ver=majestic-support/js/select2.min.js?ver=majestic-support/js/ms-main-script.js?ver=majestic-support/js/ms-public-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
ms-containerms-ticket-list-sectionms-ticket-detail-sectionms-new-ticket-formms-user-profile-sectionms-admin-dashboard-widget
HTML Comments
<!-- Majestic Support Plugin --><!-- End Majestic Support Plugin -->
Data Attributes
data-ms-ticket-iddata-ms-user-id
JS Globals
majesticsupportms_datatinymce_config
REST Endpoints
/wp-json/majestic-support/v1/tickets/wp-json/majestic-support/v1/users
Shortcode Output
[majestic_support_form][majestic_support_ticket_list][majestic_support_ticket_view]
FAQ

Frequently Asked Questions about Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin