WP Advanced Ticket System, Elite Support Helpdesk Security & Risk Analysis

wordpress.org/plugins/wats

WATS is a ticket system, used by helpdesk staff to deliver support. WATS stands for WP Advanced Ticket System.

200 active installs · v1.0.65 · PHP + · WP 4.0+ · Updated Oct 12, 2025
helpdesk, support, support-system, ticket, ticket-system
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 16, 2021
Safety Verdict

Is WP Advanced Ticket System, Elite Support Helpdesk Safe to Use in 2026?

Generally Safe

Score 100/100

WP Advanced Ticket System, Elite Support Helpdesk has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 16, 2021 · Updated 5mo ago
Risk Assessment

The "wats" plugin, version 1.0.65, presents a significant security risk due to a large number of unprotected AJAX handlers and concerning code signals. All 16 identified AJAX handlers lack authentication checks, creating a wide attack surface. Furthermore, the presence of the `unserialize` function, combined with 3 high-severity unsanitized taint flows, indicates a strong potential for remote code execution or data manipulation vulnerabilities if user-supplied data is directly deserialized. While the plugin shows good practices in using prepared statements for most SQL queries and implementing nonce and capability checks, these are overshadowed by the critical lack of access control on its AJAX endpoints and the dangerous code patterns identified.

Key Concerns

  • All 16 AJAX handlers are unprotected
  • 3 high severity unsanitized taint flows
  • Dangerous function: unserialize
  • Only 29% of outputs are properly escaped
  • 1 medium severity CVE history (though currently patched)
Vulnerabilities
1

WP Advanced Ticket System, Elite Support Helpdesk Security Vulnerabilities

CVEs by Year

1 CVE in 2021

Severity Breakdown

Medium: 1

1 total CVE

CVE-2021-24623 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Advanced Ticket System, Elite Support Helpdesk <= 1.0.63 - Authenticated (Admin+) Stored Cross-Site Scripting

Aug 16, 2021 · Patched in 1.0.64 (890d)
Code Analysis
Analyzed Mar 16, 2026

WP Advanced Ticket System, Elite Support Helpdesk Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 3 (21 prepared)
  • Unescaped Output: 423 (175 escaped)
  • Nonce Checks: 17
  • Capability Checks: 84
  • File Operations: 2
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$result = unserialize($result['body']);` · wats-options.php:3355

SQL Query Safety

88% prepared · 24 total queries

Output Escaping

29% escaped · 598 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

8 flows · 4 with unsanitized paths
wats_ticket_access_denied (wats-template.php:201)
Attack Surface
16 unprotected

WP Advanced Ticket System, Elite Support Helpdesk Attack Surface

Entry Points: 16
Unprotected: 16

AJAX Handlers 16

auth · wp_ajax_wats_admin_insert_option_entry · wats.php:601
auth · wp_ajax_wats_admin_remove_option_entry · wats.php:602
auth · wp_ajax_wats_admin_update_option_entry · wats.php:603
auth · wp_ajax_wats_admin_insert_notification_rule_entry · wats.php:604
auth · wp_ajax_wats_admin_remove_notification_rule_entry · wats.php:605
auth · wp_ajax_wats_admin_insert_ticket_custom_field · wats.php:606
auth · wp_ajax_wats_admin_remove_ticket_custom_field · wats.php:607
auth · wp_ajax_wats_admin_get_custom_fields_selector_values_table · wats.php:608
auth · wp_ajax_wats_admin_options_get_custom_field_table_row · wats.php:609
auth · wp_ajax_wats_admin_update_ticket_custom_field · wats.php:610
auth · wp_ajax_wats_admin_insert_ticket_listing_query · wats.php:611
auth · wp_ajax_wats_admin_remove_ticket_listing_query · wats.php:612
auth · wp_ajax_wats_admin_options_get_custom_query_table_row · wats.php:613
auth · wp_ajax_wats_admin_update_ticket_custom_query · wats.php:614
auth · wp_ajax_wats_admin_options_get_default_field_table_row · wats.php:615
auth · wp_ajax_wats_admin_update_ticket_default_field · wats.php:616
WordPress Hooks 50
action · plugins_loaded · wats-dashboard.php:61
filter · media_upload_tabs · wats-head.php:134
filter · list_terms_exclusions · wats-head.php:151
action · manage_posts_custom_column · wats-head.php:172
action · manage_posts_columns · wats-head.php:173
action · admin_print_scripts · wats-head.php:175
action · show_user_profile · wats-head.php:194
action · edit_user_profile · wats-head.php:195
action · profile_update · wats-head.php:196
filter · list_terms_exclusions · wats-head.php:241
filter · list_terms_exclusions · wats-options.php:1534
filter · the_content · wats-template.php:177
filter · comments_open · wats-template.php:373
action · comment_form_comments_closed · wats-template.php:374
filter · comment_form_field_comment · wats-template.php:377
filter · comment_class · wats-template.php:391
action · admin_head · wats.php:449
action · wp_print_styles · wats.php:450
action · admin_print_styles · wats.php:451
action · wp_dashboard_setup · wats.php:452
action · wp_footer · wats.php:453
action · admin_menu · wats.php:517
action · init · wats.php:570
action · plugins_loaded · wats.php:571
action · comment_post · wats.php:572
action · wp_footer · wats.php:573
filter · template_include · wats.php:575
filter · comments_template · wats.php:576
filter · the_title · wats.php:577
filter · get_previous_post_where · wats.php:578
filter · get_next_post_where · wats.php:579
filter · getarchives_where · wats.php:580
filter · posts_where · wats.php:581
filter · the_content · wats.php:582
filter · the_content · wats.php:583
filter · the_content_rss · wats.php:584
filter · wp_insert_post_data · wats.php:585
filter · edit_post_link · wats.php:586
filter · comment_feed_where · wats.php:587
filter · wp_title · wats.php:588
filter · post_row_actions · wats.php:589
action · save_post · wats.php:590
action · pre_comment_on_post · wats.php:591
filter · post_type_link · wats.php:592
filter · comments_clauses · wats.php:593
filter · comments_array · wats.php:594
filter · get_comments_number · wats.php:595
filter · post_updated_messages · wats.php:596
filter · preprocess_comment · wats.php:597
action · pre_get_posts · wats.php:598
Maintenance & Trust

WP Advanced Ticket System, Elite Support Helpdesk Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 12, 2025
PHP min version
Downloads: 105K

Community Trust

Rating: 80/100
Number of ratings: 58
Active installs: 200
Developer Profile

WP Advanced Ticket System, Elite Support Helpdesk Developer Profile

firebird75

2 plugins · 250 total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 890 days
Detection Fingerprints

How We Detect WP Advanced Ticket System, Elite Support Helpdesk

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wats/css/style.css, /wp-content/plugins/wats/css/jquery.mCustomScrollbar.css, /wp-content/plugins/wats/js/wats_ticket_form.js, /wp-content/plugins/wats/js/wats_admin.js, /wp-content/plugins/wats/js/wats_ticket_listing.js, /wp-content/plugins/wats/js/wats_ticket_edit.js, /wp-content/plugins/wats/js/wats_ticket_view.js, /wp-content/plugins/wats/js/wats_ticket_submit.js, +8 more
Generator Patterns
WATS
Script Paths
/wp-content/plugins/wats/js/wats_ticket_form.js, /wp-content/plugins/wats/js/wats_admin.js, /wp-content/plugins/wats/js/wats_ticket_listing.js, /wp-content/plugins/wats/js/wats_ticket_edit.js, /wp-content/plugins/wats/js/wats_ticket_view.js, /wp-content/plugins/wats/js/wats_ticket_submit.js, +8 more
Version Parameters
wats/style.css?ver=, wats/css/style.css?ver=, wats/css/jquery.mCustomScrollbar.css?ver=, wats/js/wats_ticket_form.js?ver=, wats/js/wats_admin.js?ver=, wats/js/wats_ticket_listing.js?ver=, wats/js/wats_ticket_edit.js?ver=, wats/js/wats_ticket_view.js?ver=, wats/js/wats_ticket_submit.js?ver=, wats/js/wats_custom_fields.js?ver=, wats/js/wats_ticket_update.js?ver=, wats/js/jquery.mCustomScrollbar.concat.min.js?ver=, wats/js/wats_ticket_listing_public.js?ver=, wats/js/wats_ticket_view_public.js?ver=, wats/js/wats_ticket_update_public.js?ver=, wats/js/wats_ticket_submit_public.js?ver=, wats/js/wats_admin_ajax.js?ver=

HTML / DOM Fingerprints

CSS Classes
wats-ticket-form, wats-ticket-listing, wats-ticket-edit, wats-ticket-view, wats-ticket-submit, wats-custom-field, wats-ticket-update, wats-ticket-id, +28 more
Data Attributes
data-wats-ticket-id, data-wats-field-id, data-wats-field-type, data-wats-capability
JS Globals
wats_ticket_form_params, wats_admin_params, wats_ticket_listing_params, wats_ticket_edit_params, wats_ticket_view_params, wats_ticket_submit_params, +8 more
REST Endpoints
/wp-json/wats/v1/tickets, /wp-json/wats/v1/settings, /wp-json/wats/v1/users
Shortcode Output
[wats_ticket_listing], [wats_ticket_form], [wats_ticket_view], [wats_ticket_edit]
FAQ

Frequently Asked Questions about WP Advanced Ticket System, Elite Support Helpdesk