System Ticket Support Security & Risk Analysis

wordpress.org/plugins/system-ticket-support

A simple ticket support system. Full features to build a private ticket system, with notifications via email.

10 active installs · v1.0.0 · PHP + · WP 4.5+ · Updated Mar 28, 2020
Tags: private-ticket, support, system-support, ticket, ticket-support
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is System Ticket Support Safe to Use in 2026?

Generally Safe

Score 85/100

System Ticket Support has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "system-ticket-support" v1.0.0 plugin presents a mixed security posture. While it exhibits strong adherence to secure coding practices with a high percentage of prepared SQL statements and properly escaped output, and boasts no recorded vulnerability history, several critical areas raise significant concerns. The presence of the `unserialize` function without apparent sanitization or protection is a major red flag, as it can lead to Remote Code Execution (RCE) if an attacker can control the serialized data. Furthermore, the taint analysis revealing a high number of flows with unsanitized paths, particularly those flagged as high severity, indicates potential vulnerabilities that could arise from user-supplied input being processed without adequate validation or sanitization, even if direct attack vectors like AJAX or REST API endpoints are not immediately apparent as unprotected. The absence of capability checks on entry points, while the entry points themselves are seemingly protected, means that once an entry point is reached, further actions might not be adequately permissioned. The lack of recorded CVEs is positive, but the internal code analysis reveals potential for vulnerabilities that may not have been publicly documented yet.

Key Concerns

  • Unsanitized unserialize function
  • High number of unsanitized taint flows (high severity)
  • No capability checks on entry points
  • Bundled outdated TinyMCE v5.1.6
Vulnerabilities
None known

System Ticket Support Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

System Ticket Support Code Analysis

Dangerous Functions: 9
Raw SQL Queries: 11 (366 prepared)
Unescaped Output: 25 (1049 escaped)
Nonce Checks: 60
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 3

Dangerous Functions Found

Function | Code | Location
unserialize | $menus = unserialize( $menus ); | admin\templates\footer-setting.php:4
unserialize | $nmenus = unserialize( $menus ); | admin\templates\footer-setting.php:45
unserialize | $history = unserialize( $ticket->history ); | inc\ajax\change-status-ajax-action.php:52
unserialize | $history = unserialize( $ticket->history ); | inc\ajax\mark-process-ajax-action.php:42
unserialize | $history = unserialize( $ticket->history ); | inc\ajax\unmark-process-ajax-action.php:40
unserialize | $new_menus = unserialize( $menus ); | inc\form-handler.class.php:118
unserialize | $new_menus = unserialize( $menus ); | inc\form-handler.class.php:175
unserialize | $new_menus = unserialize( $menus ); | inc\form-handler.class.php:224
unserialize | $new_menu = unserialize( $menus ); | templates\sts-footer.php:7

Bundled Libraries

jQuery, Select2, TinyMCE 5.1.6

SQL Query Safety

97% prepared · 377 total queries

Output Escaping

98% escaped · 1074 total outputs
Data Flows
50 unsanitized

Data Flow Analysis

25 flows · 50 with unsanitized paths
sts_redirect_not_login (inc\functions\helper.php:538)
[Data flow graph not shown; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

System Ticket Support Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 65

Type | Hook | Location
action | admin_menu | admin\admin.php:10
action | sts_submit_ticket_before | inc\action.class.php:19
action | sts_customer_top | inc\action.class.php:20
action | sts_menu_left_middle | inc\action.class.php:21
action | sts_tickets_filter_second | inc\action.class.php:22
action | sts_customer_item | inc\action.class.php:23
action | init | inc\assets.class.php:19
action | wp_enqueue_scripts | inc\assets.class.php:20
filter | safe_style_css | inc\assets.class.php:21
filter | cron_schedules | inc\cron-job.class.php:19
filter | cron_schedules | inc\cron-job.class.php:20
action | init | inc\cron-job.class.php:21
action | task_unlock_reply_hook | inc\cron-job.class.php:22
action | task_close_responded_ticket_hook | inc\cron-job.class.php:23
action | init | inc\endpoints.class.php:19
action | template_redirect | inc\endpoints.class.php:20
action | tst_endpoint_template_submit-ticket | inc\endpoints.class.php:24
action | tst_endpoint_template_no_login_submit-ticket | inc\endpoints.class.php:25
action | tst_endpoint_template_tickets | inc\endpoints.class.php:26
action | tst_endpoint_template_ticket-details | inc\endpoints.class.php:27
action | tst_endpoint_template_customers | inc\endpoints.class.php:28
action | tst_endpoint_template_customer-details | inc\endpoints.class.php:29
action | tst_endpoint_template_editing-profile | inc\endpoints.class.php:30
action | tst_endpoint_template_supporters | inc\endpoints.class.php:31
action | tst_endpoint_template_supporter-details | inc\endpoints.class.php:32
action | tst_endpoint_template_templates | inc\endpoints.class.php:33
action | tst_endpoint_template_new-template | inc\endpoints.class.php:34
action | tst_endpoint_template_update-template | inc\endpoints.class.php:35
action | tst_endpoint_template_categories | inc\endpoints.class.php:36
action | tst_endpoint_template_updating-category | inc\endpoints.class.php:37
action | tst_endpoint_template_new-category | inc\endpoints.class.php:38
action | tst_endpoint_template_dashboards | inc\endpoints.class.php:39
action | tst_endpoint_template_user-profile | inc\endpoints.class.php:40
action | tst_endpoint_template_no_login_login | inc\endpoints.class.php:41
action | tst_endpoint_template_no_login_register | inc\endpoints.class.php:42
action | tst_endpoint_template_rating-report | inc\endpoints.class.php:43
action | tst_endpoint_template_no_login_lost-password | inc\endpoints.class.php:44
action | tst_endpoint_template_no_login_reset-password | inc\endpoints.class.php:45
action | tst_endpoint_template_new-mail-template | inc\endpoints.class.php:46
action | tst_endpoint_template_mail-templates | inc\endpoints.class.php:47
action | tst_endpoint_template_update-email-template | inc\endpoints.class.php:48
action | tst_endpoint_template_supporter-report | inc\endpoints.class.php:52
filter | sts_submit_ticket | inc\filter.class.php:20
filter | sts_get_categories | inc\filter.class.php:21
filter | sts_get_filter_ticket | inc\filter.class.php:22
filter | sts_get_all_ticket | inc\filter.class.php:23
filter | sts_filter_customer | inc\filter.class.php:24
filter | sts_register | inc\filter.class.php:26
action | wp_loaded | inc\form-handler.class.php:18
action | init | inc\form-handler.class.php:19
action | init | inc\form-handler.class.php:20
action | init | inc\form-handler.class.php:21
action | init | inc\form-handler.class.php:22
action | init | inc\form-handler.class.php:23
action | wp_logout | inc\form-handler.class.php:24
action | init | inc\form-handler.class.php:25
action | init | inc\form-handler.class.php:26
action | init | inc\form-handler.class.php:27
action | init | inc\form-handler.class.php:28
filter | sts_theme_current_style_handle | inc\functions\remove-theme-assets.php:2
filter | sts_theme_current_script_handle | inc\functions\remove-theme-assets.php:52
action | init | inc\install.class.php:19
action | admin_bar_init | inc\templates.class.php:19
filter | template_include | inc\templates.class.php:20
action | plugins_loaded | system-ticket-support.php:56

Scheduled Events 2

task_unlock_reply_hook
task_close_responded_ticket_hook
Maintenance & Trust

System Ticket Support Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Mar 28, 2020
PHP min version
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

System Ticket Support Developer Profile

g5theme

8 plugins · 19K total installs

Trust score: 64
Avg Security Score: 79/100
Avg Patch Time: 157 days
Detection Fingerprints

How We Detect System Ticket Support

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/system-ticket-support/assets/css/admin-style.css
/wp-content/plugins/system-ticket-support/assets/css/frontend-style.css
/wp-content/plugins/system-ticket-support/assets/js/admin-script.js
/wp-content/plugins/system-ticket-support/assets/js/frontend-script.js
/wp-content/plugins/system-ticket-support/assets/js/vendor/jquery-validation/dist/jquery.validate.min.js
/wp-content/plugins/system-ticket-support/assets/js/vendor/sweetalert2/sweetalert2.min.js
Script Paths
/wp-content/plugins/system-ticket-support/assets/js/admin-script.js
/wp-content/plugins/system-ticket-support/assets/js/frontend-script.js
/wp-content/plugins/system-ticket-support/assets/js/vendor/jquery-validation/dist/jquery.validate.min.js
/wp-content/plugins/system-ticket-support/assets/js/vendor/sweetalert2/sweetalert2.min.js
Version Parameters
system-ticket-support/assets/css/admin-style.css?ver=
system-ticket-support/assets/css/frontend-style.css?ver=
system-ticket-support/assets/js/admin-script.js?ver=
system-ticket-support/assets/js/frontend-script.js?ver=
system-ticket-support/assets/js/vendor/jquery-validation/dist/jquery.validate.min.js?ver=
system-ticket-support/assets/js/vendor/sweetalert2/sweetalert2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
sts-ticket-form
sts-ticket-list
sts-single-ticket
HTML Comments
<!-- System Ticket Support Plugin -->
<!-- End System Ticket Support Plugin -->
Data Attributes
data-sts-ticket-id
data-sts-user-id
JS Globals
sts_ajax_object
REST Endpoints
/wp-json/sts/v1/tickets
/wp-json/sts/v1/tickets/(?P<id>\d+)
Shortcode Output
[sts_ticket_form]
[sts_ticket_list]
[sts_single_ticket]