Does CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout have any unpatched vulnerabilities?

No. All known vulnerabilities in CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout have been patched as of the latest data update. Always keep the plugin updated to the latest version.

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout Security & Risk Analysis

wordpress.org/plugins/support-x

Show user tickets from HelpScout, ZenDesk, FreshDesk and Teamwork in wordpress. Users can create new support tickets and reply to old tickets.

40 active installs v1.1.8 PHP 5.3+ WP 3.8+ Updated Dec 15, 2025

freshdeskhelpdeskhelpscoutsupportzendesk

A · Safe

CVEs total3

Unpatched0

Last CVEApr 16, 2025

Plugin page Download

Safety Verdict

Is CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout Safe to Use in 2026?

Generally Safe

Score 97/100

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Apr 16, 2025Updated 3mo ago

Risk Assessment

The 'support-x' plugin version 1.1.8 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and having no currently unpatched CVEs, significant concerns arise from its attack surface and output escaping. The presence of three AJAX handlers without authentication checks presents a direct entry point for potential attackers to exploit. Furthermore, the low percentage of properly escaped output (14%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, which is corroborated by its vulnerability history containing three medium severity XSS issues. Although the taint analysis shows no critical or high severity unsanitized flows, the combination of unprotected entry points and poor output sanitization warrants caution. The plugin's history of XSS vulnerabilities and the static analysis findings suggest a recurring weakness in input validation and output sanitization, which attackers could potentially leverage, especially given the unprotected AJAX endpoints. Therefore, while some secure coding practices are in place, the identified weaknesses, particularly the unprotected AJAX handlers and widespread unescaped output, significantly elevate the risk.

Key Concerns

Unprotected AJAX handlers
Low percentage of properly escaped output
Flows with unsanitized paths (Taint Analysis)
Medium severity XSS vulnerabilities in history

Vulnerabilities

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout Security Vulnerabilities

CVEs by Year

2 CVEs in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2025-39558medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks <= 1.1.7 - Reflected Cross-Site Scripting

Apr 16, 2025 Patched in 1.1.8 (6d)

CVE-2024-12443medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 16, 2024 Patched in 1.1.7 (1d)

CVE-2025-24558medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.5 - Reflected Cross-Site Scripting

Nov 23, 2024 Patched in 1.1.6 (91d)

Code Analysis

Analyzed Mar 16, 2026

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

102

17 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

14% escaped119 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths

create_ticket (includes\helpscout-api.php:183)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout Attack Surface

Entry Points5

Unprotected3

AJAX Handlers 3

authwp_ajax_vx_support_x_get_mailboxesincludes\admin-pages.php:14

authwp_ajax_vx_helpscout_appincludes\admin-pages.php:15

noprivwp_ajax_vx_helpscout_appincludes\admin-pages.php:16

Shortcodes 2

[crm-perks-tickets] support-x.php:61

[crm-perks-form] support-x.php:62

WordPress Hooks 11

filteradmin_menuincludes\admin-pages.php:12

filterplugin_action_linksincludes\admin-pages.php:17

actionplugins_loadedsupport-x.php:42

filterwoocommerce_account_menu_itemssupport-x.php:64

actiontemplate_redirectsupport-x.php:67

actionadmin_initsupport-x.php:68

actioninitsupport-x.php:69

filteradmin_tabs_vx_support_xwp\crmperks-notices.php:10

actionadd_section_vx_support_xwp\crmperks-notices.php:11

actionadmin_tabs_section_vx_support_xwp\crmperks-notices.php:12

filterplugin_row_metawp\crmperks-notices.php:13

Maintenance & Trust

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 15, 2025

PHP min version5.3

Downloads6K

Community Trust

Rating88/100

Number of ratings7

Active installs40

Alternatives

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout Alternatives

Zendesk Support for WordPress

zendesk

Bring the helpdesk into your blog

2K 1 CVE

Freshdesk (official)

freshdesk-support

Quickly embed the Freshdesk help widget, convert WordPress comments to tickets and seamlessly log your WordPress users into your support portal.

900 3 CVEs

Viable Support for Zendesk

viable-support-for-zendesk

100

Connect your Zendesk Support account with WordPress — create tickets, sync custom fields, and automatically convert comments into Zendesk tickets.

0 No CVEs

Fluent Support – Helpdesk & Customer Support Ticket System

fluent-support

Feature Rich and Super Fast Support and Customer Ticketing System for WordPress.

10K 7 CVEs

SupportCandy – Helpdesk & Customer Support Ticket System

supportcandy

Enhance your WordPress site with our helpdesk and support ticket system. Manage customer support, tickets, and email tickets efficiently.

10K 16 CVEs

Developer Profile

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout Developer Profile

CRM Perks

32 plugins · 105K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

349 days

View full developer profile

Detection Fingerprints

How We Detect CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/support-x/assets/css/style.css/wp-content/plugins/support-x/assets/js/main.js/wp-content/plugins/support-x/templates/style.php/wp-content/plugins/support-x/templates/ticket-form.php

Script Paths

https://www.google.com/recaptcha/api.js

Version Parameters

support-x/assets/css/style.css?ver=support-x/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes

vx_entries_tablevx_ticket_formvx_form_rowvx_form_groupvx_ticket_detailvx_support_x_user_ticket_list

Data Attributes

data-vx-iddata-vx-typedata-vx-fielddata-vx-crm

JS Globals

vx_support_x_objvx_support_x_vars

REST Endpoints

/wp-json/support-x/v1/tickets/wp-json/support-x/v1/ticket

Shortcode Output

[crm-perks-tickets][crm-perks-form]

FAQ