Support Helpdesk Ticket System Lite Security & Risk Analysis

wordpress.org/plugins/ticket-help-desk-system-lite

Host a helpdesk ticket system website with WordPress. Multi Helpdesk empowers your WordPress with the Support Ticket System.

10 active installs · v4.5.2 · PHP 5.6+ · WP 4.6+ · Updated Dec 17, 2025
Tags: helpdesk, support, support-system, ticket, ticket-system
Score: 79 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Apr 2, 2025
Safety Verdict

Is Support Helpdesk Ticket System Lite Safe to Use in 2026?

Mostly Safe

Score 79/100

Support Helpdesk Ticket System Lite is generally safe to use. 1 past CVE was resolved.

1 known CVE · 1 unpatched · Last CVE: Apr 2, 2025 · Updated 5mo ago
Risk Assessment

The 'ticket-help-desk-system-lite' v4.5.2 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and implementing a substantial number of nonce and capability checks. This suggests a developer with an awareness of common WordPress security pitfalls.

However, several concerns warrant attention. The static analysis reveals a concerning number of flows with unsanitized paths (15 total), indicating a potential for vulnerabilities, even though no critical or high severity taint flows were detected. Furthermore, over half of the output instances are not properly escaped, creating a significant risk for Cross-Site Scripting (XSS) vulnerabilities. The plugin's vulnerability history, specifically one unpatched medium severity CVE related to XSS, corroborates the output escaping concerns and highlights a recurring issue.

In conclusion, while the plugin employs some strong security fundamentals, the unpatched CVE and the high percentage of unescaped output present tangible risks that require immediate attention. The developer should prioritize addressing the XSS vulnerability and improving output sanitization to strengthen the plugin's overall security.

Key Concerns

  • Unpatched medium CVE
  • 51% of outputs not properly escaped
  • 15 flows with unsanitized paths
Vulnerabilities
1 published

Support Helpdesk Ticket System Lite Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-31626 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Support Helpdesk Ticket System Lite <= 4.5.2 - Reflected Cross-Site Scripting

Apr 2, 2025 · Unpatched
Version History

Support Helpdesk Ticket System Lite Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Support Helpdesk Ticket System Lite Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (235 prepared)
Unescaped Output: 284 (299 escaped)
Nonce Checks: 15
Capability Checks: 6
File Operations: 6
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

100% prepared · 235 total queries

Output Escaping

51% escaped · 583 total outputs
Data Flows · Security
15 unsanitized

Data Flow Analysis

19 flows · 15 with unsanitized paths
_replyToCheckRedirects (admin/factory/AdminPageFramework/AdminPageFramework_Form_Model.php:51)
Attack Surface

Support Helpdesk Ticket System Lite Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_mam_open_company_ticket_ajax · includes/open_company_ticket_ajax.php:2
nopriv · wp_ajax_mam_open_company_ticket_ajax · includes/open_company_ticket_ajax.php:3

Shortcodes: 1

[faq] · includes/ticket-helpdesk-functions.php:634
WordPress Hooks: 62

action · network_admin_notices · admin/factory/AdminPageFramework/AdminPageFramework_Controller.php:59
action · admin_notices · admin/factory/AdminPageFramework/AdminPageFramework_Controller.php:61
action · admin_menu · admin/factory/AdminPageFramework/AdminPageFramework_Menu_Controller.php:14
action · current_screen · admin/factory/AdminPageFramework/AdminPageFramework_Menu_Model.php:79
filter · admin_title · admin/factory/AdminPageFramework/AdminPageFramework_Menu_Model.php:100
action · admin_head · admin/factory/AdminPageFramework/AdminPageFramework_Page_View_MetaBox.php:14
action · wp_loaded · admin/factory/AdminPageFramework/AdminPageFramework_Router.php:16
action · admin_head · admin/factory/AdminPageFramework/controller/AdminPageFramework_HelpPane_Page.php:15
filter · plugin_row_meta · admin/factory/AdminPageFramework/controller/AdminPageFramework_Link_Page.php:25
filter · wp_mail_content_type · admin/factory/AdminPageFramework/model/AdminPageFramework_FormEmail.php:24
filter · wp_mail_from · admin/factory/AdminPageFramework/model/AdminPageFramework_FormEmail.php:27
filter · wp_mail_from_name · admin/factory/AdminPageFramework/model/AdminPageFramework_FormEmail.php:30
filter · update_footer · admin/factory/AdminPageFramework/view/AdminPageFramework_PageLoadInfo_Page.php:19
action · shutdown · admin/factory/AdminPageFramework_Factory/AdminPageFramework_Factory_Controller.php:53
action · shutdown · admin/factory/AdminPageFramework_Factory/AdminPageFramework_Factory_Controller.php:64
action · shutdown · admin/factory/AdminPageFramework_Factory/AdminPageFramework_Factory_Model.php:59
action · current_screen · admin/factory/AdminPageFramework_Factory/AdminPageFramework_Factory_Router.php:24
action · network_admin_notices · admin/factory/AdminPageFramework_Factory/AdminPageFramework_Factory_View.php:19
action · admin_notices · admin/factory/AdminPageFramework_Factory/AdminPageFramework_Factory_View.php:21
action · in_admin_footer · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Link_Base.php:15
filter · admin_footer_text · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Link_Base.php:52
filter · update_footer · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Link_Base.php:53
action · admin_enqueue_scripts · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:21
action · admin_enqueue_scripts · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:22
action · customize_controls_print_footer_scripts · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:25
action · customize_controls_print_footer_scripts · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:26
action · admin_footer · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:27
action · admin_footer · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:28
action · admin_print_footer_scripts · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:29
action · admin_print_footer_scripts · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:30
filter · script_loader_src · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:31
filter · style_loader_src · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:32
filter · clean_url · admin/factory/AdminPageFramework_Factory/controller/AdminPageFramework_Resource_Base.php:44
filter · media_upload_tabs · admin/factory/AdminPageFramework_Factory/view/AdminPageFramework_FieldType/AdminPageFramework_FieldType_Base.php:79
filter · gettext · admin/factory/AdminPageFramework_Factory/view/AdminPageFramework_FieldType/AdminPageFramework_FieldType_Base.php:89
action · in_admin_footer · admin/factory/AdminPageFramework_Factory/view/AdminPageFramework_PageLoadInfo_Base.php:17
action · customize_controls_print_footer_scripts · admin/factory/AdminPageFramework_Factory/view/AdminPageFramework_Script/AdminPageFramework_Script_Base.php:17
action · admin_footer · admin/factory/AdminPageFramework_Factory/view/AdminPageFramework_Script/AdminPageFramework_Script_Base.php:18
action · admin_footer · admin/factory/AdminPageFramework_Factory/view/AdminPageFramework_Script/AdminPageFramework_Script_MediaUploader.php:12
action · init · includes/backend-posttype-metas/backend-posttype-companies.php:4
action · add_meta_boxes · includes/backend-posttype-metas/backend-posttype-companies.php:5
action · init · includes/backend-posttype-metas/backend-posttype-tickets.php:4
action · add_meta_boxes · includes/backend-posttype-metas/backend-posttype-tickets.php:5
action · before_company_created · includes/check-hd-boundaries.php:6
action · before_ticket_created · includes/check-hd-boundaries.php:44
action · before_agent_add · includes/check-hd-boundaries.php:86
action · before_customer_add · includes/check-hd-boundaries.php:116
action · wp_enqueue_scripts · includes/init.php:7
action · admin_enqueue_scripts · includes/init.php:8
action · post_type_link · includes/template-rewrite-rules-hook.php:9
action · generate_rewrite_rules · includes/template-rewrite-rules-hook.php:30
action · query_vars · includes/template-rewrite-rules-hook.php:131
action · template_include · includes/template-rewrite-rules-hook.php:141
filter · wp_mail_content_type · includes/ticket-helpdesk-notifications.php:2
filter · wp_mail_content_type · includes/ticket-helpdesk-notifications.php:8
action · company_created_updated · includes/ticket-helpdesk-notifications.php:22
action · company_created_updated · includes/ticket-helpdesk-notifications.php:58
action · company_created_updated · includes/ticket-helpdesk-notifications.php:101
action · ticket_created · includes/ticket-helpdesk-notifications.php:147
action · ticket_created · includes/ticket-helpdesk-notifications.php:187
action · ticket_updated · includes/ticket-helpdesk-notifications.php:251
action · ticket_updated · includes/ticket-helpdesk-notifications.php:313
Maintenance & Trust

Support Helpdesk Ticket System Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 17, 2025
PHP min version: 5.6
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

Support Helpdesk Ticket System Lite Developer Profile

M. Ali Saleem

7 plugins · 790 total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Support Helpdesk Ticket System Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ticket-help-desk-system-lite/css/style.css
  • /wp-content/plugins/ticket-help-desk-system-lite/js/ticket-help-desk-system.js
  • /wp-content/plugins/ticket-help-desk-system-lite/css/custom.css
Script Paths
  • /wp-content/plugins/ticket-help-desk-system-lite/js/ticket-help-desk-system.js
Version Parameters
  • ticket-help-desk-system-lite/css/style.css?ver=
  • ticket-help-desk-system-lite/js/ticket-help-desk-system.js?ver=
  • ticket-help-desk-system-lite/css/custom.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • mhelpdesk_content
  • mhelpdesk_heading
  • mhelpdesk_wrapper
  • mhelpdesk_reply_btn
  • mhelpdesk_close_btn
  • mhelpdesk_submit_btn
HTML Comments
  • <!-- Plugin Name: (Lite) Ticket Help Desk System Pro -->
  • <!-- Version: 4.5.2 -->
  • <!-- Add meta boxes for the admin page -->
  • <!-- Admin Page Framework v3.5.12 -->
Data Attributes
  • data-mhelpdesk-ticket-id
  • data-mhelpdesk-status
JS Globals
  • mhelpdesk_ajax_object
  • mhelpdesk_vars
REST Endpoints
  • /wp-json/mhelpdesk/v1/tickets
  • /wp-json/mhelpdesk/v1/companies
Shortcode Output
  • [mhelpdesk_ticket_form]
  • [mhelpdesk_tickets_list]
  • [mhelpdesk_company_info]
FAQ

Frequently Asked Questions about Support Helpdesk Ticket System Lite