Nirweb support Security & Risk Analysis

wordpress.org/plugins/nirweb-support

NirWeb support is a great help desk and support plugin for WordPress with full support of WooCommerce

1K active installs · v3.0.3 · PHP 7.4+ · WP 5.0+ · Updated Dec 5, 2023
helpdesk, support, support-ticket, ticket-system
Score 58 · C · Use Caution
CVEs total: 2
Unpatched: 1
Last CVE: Jan 31, 2025
Safety Verdict

Is Nirweb support Safe to Use in 2026?

Use With Caution

Score 58/100

Nirweb support has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs · 1 unpatched · Last CVE: Jan 31, 2025 · Updated 2yr ago
Risk Assessment

The nirweb-support plugin v3.0.3 presents a significant security risk primarily due to its extensive attack surface of unprotected AJAX handlers. With 15 AJAX endpoints exposed without authentication checks, and 15 taint flows identified as having unsanitized paths with critical severity, there's a high probability of unauthorized access and data manipulation. While the plugin demonstrates good practices in using prepared statements for the vast majority of its SQL queries and incorporates nonce checks and capability checks, these strengths are heavily overshadowed by the critical vulnerabilities in its handling of user input and lack of authorization on key entry points.

The plugin's vulnerability history further exacerbates these concerns. Having two known CVEs, with one critical and currently unpatched, indicates a recurring pattern of severe security flaws. The common vulnerability types of Missing Authorization and SQL Injection are directly reflected in the static and taint analysis results. The recent nature of the last vulnerability (2025-01-31) suggests ongoing issues that have not been fully remediated. The overall security posture is therefore poor, with critical weaknesses that require immediate attention, despite some positive technical implementations within the code.

Key Concerns

  • Unprotected AJAX handlers
  • Critical severity taint flows
  • Unpatched critical CVE
  • Unsanitized paths in taint flows
  • Missing Authorization vulnerability history
  • SQL Injection vulnerability history
  • Poor output escaping

Nirweb support Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2025: 1 CVE · unpatched

Severity Breakdown

  • Critical: 1
  • Medium: 1

2 total CVEs

CVE-2025-22695 · medium · 4.3 · Missing Authorization

Nirweb support <= 3.0.3 - Missing Authorization

Jan 31, 2025 · Unpatched

CVE-2022-0781 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Nirweb support <= 2.7.9 - SQL Injection

May 2, 2022 · Patched in 2.8.2 (631d)

Code Analysis
Analyzed Mar 16, 2026

Nirweb support Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 3 (117 prepared)
  • Unescaped Output: 426 (518 escaped)
  • Nonce Checks: 15
  • Capability Checks: 19
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

98% prepared · 120 total queries

Output Escaping

55% escaped · 944 total outputs

Data Flow Analysis

20 flows · 15 with unsanitized paths

<ajax> (inc\admin\functions\ajax.php:0)

Flow diagram legend: source (user input), sink (dangerous op), sanitizer, transform; paths are marked unsanitized or sanitized.

Nirweb support Attack Surface

Entry Points: 18
Unprotected: 15

AJAX Handlers 15

  • auth · wp_ajax_nirweb_ads_ticket_dismissed · core\core.php:447
  • auth · wp_ajax_ajax_search_in_ticketes_wpyar · inc\admin\functions\ajax.php:5
  • auth · wp_ajax_send_type_role_user · inc\admin\functions\ajax.php:16
  • auth · wp_ajax_send_new_ticket · inc\admin\functions\ajax.php:34
  • auth · wp_ajax_answerd_ticket · inc\admin\functions\ajax.php:44
  • auth · wp_ajax_delete_tickets_admin · inc\admin\functions\ajax.php:57
  • auth · wp_ajax_add_department_wpyt · inc\admin\functions\ajax.php:68
  • auth · wp_ajax_delete_department · inc\admin\functions\ajax.php:80
  • auth · wp_ajax_edite_department · inc\admin\functions\ajax.php:93
  • auth · wp_ajax_add_question_faq · inc\admin\functions\ajax.php:105
  • auth · wp_ajax_delete_faq · inc\admin\functions\ajax.php:118
  • auth · wp_ajax_ticket_wpyar_file_user_delete · inc\admin\functions\ajax.php:130
  • auth · wp_ajax_user_send_tiket · inc\admin\functions\ajax.php:150
  • auth · wp_ajax_user_answer_ticket · inc\admin\functions\ajax.php:162
  • auth · wp_ajax_filtter_ticket_status · inc\admin\functions\ajax.php:173

Shortcodes 3

[nirweb_ticket] core\core.php:334
[nirweb_ticket_new] core\core.php:350
[nirweb_ticket_rep] core\core.php:357

WordPress Hooks 30

  • action · wp_enqueue_scripts · core\core.php:25
  • action · admin_menu · core\core.php:67
  • action · init · core\core.php:188
  • action · admin_menu · core\core.php:208
  • action · admin_bar_menu · core\core.php:219
  • action · init · core\core.php:230
  • action · init · core\core.php:272
  • filter · query_vars · core\core.php:273
  • filter · the_title · core\core.php:274
  • filter · woocommerce_account_menu_items · core\core.php:275
  • action · wp_footer · core\core.php:365
  • action · admin_bar_menu · core\core.php:403
  • filter · ajax_query_attachments_args · core\core.php:427
  • action · wp_update_plugins · core\core.php:454
  • action · admin_init · core\core.php:466
  • action · admin_notices · core\core.php:467
  • action · admin_init · core\create_db.php:3
  • action · admin_init · core\create_db.php:36
  • action · admin_init · core\create_db.php:59
  • action · admin_init · core\create_db.php:79
  • action · admin_init · core\create_db.php:101
  • action · admin_init · core\create_db.php:123
  • action · admin_init · core\create_db.php:145
  • action · admin_enqueue_scripts · inc\admin\functions\func_upload_file.php:3
  • action · admin_enqueue_scripts · inc\admin\functions\scripts.php:3
  • action · wp_enqueue_scripts · inc\user\themes\new_ticket.php:174
  • action · wp_footer · inc\user\themes\new_ticket.php:177
  • action · wp_footer · inc\user\themes\replay_ticket.php:210
  • action · wp_enqueue_scripts · nirweb-support.php:43
  • action · plugins_loaded · nirweb-support.php:49

Maintenance & Trust

Nirweb support Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.4.8
  • Last updated: Dec 5, 2023
  • PHP min version: 7.4
  • Downloads: 22K

Community Trust

  • Rating: 84/100
  • Number of ratings: 12
  • Active installs: 1K
Developer Profile

Nirweb support Developer Profile

NirWp Team

2 plugins · 1K total installs

  • Trust score: 59
  • Avg Security Score: 72/100
  • Avg Patch Time: 631 days
Detection Fingerprints

How We Detect Nirweb support

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/nirweb-support/assets/css/all.min.css
  • /wp-content/plugins/nirweb-support/assets/css/user-rtl.css
  • /wp-content/plugins/nirweb-support/assets/css/user.css
  • /wp-content/plugins/nirweb-support/assets/js/user.js

Script Paths

  • /wp-content/plugins/nirweb-support/assets/js/user.js

HTML / DOM Fingerprints

CSS Classes

  • update-plugins
  • update-count

Data Attributes

  • data-upload_url
  • data-ajax_url
  • data-nonce
  • data-reset_form_title
  • data-reset_form_subtitle
  • data-reset_form_success
  • +15 more

JS Globals

  • wpyarticket