Customer Support Ticket System & Helpdesk Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/wp-ticket

Create a support ticket system in WordPress. Manage customer inquiries, agents, priorities, and more with this flexible helpdesk plugin.

500 active installs v6.0.4 PHP + WP 4.5+ Updated Sep 4, 2025
customer-support, helpdesk, support-system, support-ticket, ticket-system
Score: 91 · A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: Sep 26, 2025
Safety Verdict

Is Customer Support Ticket System & Helpdesk Plugin for WordPress Safe to Use in 2026?

Generally Safe

Score 91/100

Customer Support Ticket System & Helpdesk Plugin for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Sep 26, 2025 · Updated 7mo ago
Risk Assessment

The wp-ticket plugin v6.0.4 presents a moderate security risk. While it demonstrates some positive security practices, such as a high percentage of prepared SQL statements and a good proportion of output escaping, significant concerns remain. The plugin has a substantial attack surface with 32 entry points, and a notable 9 of these, primarily AJAX handlers, lack authentication checks. This directly exposes potential vulnerabilities to unauthenticated users. The taint analysis further highlights risks, with 9 flows identified with unsanitized paths and 2 of high severity, indicating potential for data manipulation or code execution if these flows are exploited.

The plugin's vulnerability history is a significant red flag. A total of 7 known CVEs, 2 high-severity and 5 medium-severity, suggests a pattern of recurring security flaws. The common vulnerability types (XSS, Deserialization, Eval Injection) are serious and can lead to complete site compromise. The last vulnerability was as recent as September 2025 and none are currently unpatched, which indicates that past issues have been addressed; this does not negate the historical trend, and the underlying coding practices may still be prone to such errors.

In conclusion, while the plugin has made strides in using prepared statements and output escaping, the high number of unprotected entry points, the critical taint flows, and the consistent history of high and medium severity vulnerabilities necessitate caution. Users should carefully weigh the benefits of this plugin against the potential risks and ensure they are running the absolute latest version, if available, and monitor for future security advisories. The presence of outdated bundled libraries like Select2 v3.2 also adds to the overall risk profile.

Key Concerns

  • 9 AJAX handlers without auth checks
  • 2 high severity taint flows
  • 9 unsanitized paths in taint analysis
  • 2 dangerous functions (preg_replace(/e))
  • Bundled outdated library (Select2 v3.2)
  • 2 High severity CVEs historically
  • 5 Medium severity CVEs historically
Vulnerabilities
7

Customer Support Ticket System & Helpdesk Plugin for WordPress Security Vulnerabilities

CVEs by Year

2021: 2 CVEs
2023: 1 CVE
2025: 4 CVEs

Severity Breakdown

High: 2
Medium: 5

7 total CVEs

CVE-2025-60157 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Ticket Customer Service Software & Support Ticket System <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 26, 2025 · Patched in 6.0.3 (4d)

CVE-2025-58915 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple Plugins by eMarket Design <= Various Versions - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 23, 2025 · Patched in 6.0.1 (8d)

CVE-2025-53584 · high · 8.1 · Deserialization of Untrusted Data

WP Ticket Customer Service Software & Support Ticket System <= 6.0.2 - Unauthenticated PHP Object Injection

Aug 25, 2025 · Patched in 6.0.3 (10d)

CVE-2025-8420 · high · 8.1 · Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution

Aug 5, 2025 · Patched in 6.0.3 (51d)

WF-b27338c7-2fbc-4985-a25e-8e2a9fdef8c3-wp-ticket · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Customer Service Software & Support Ticket System <= 5.12.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 22, 2023 · Patched in 5.13 (215d)

CVE-2021-24622 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Customer Service Software & Support Ticket System < 5.10.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Sep 20, 2021 · Patched in 5.10.4 (855d)

WF-8d4ea0a8-d2f6-4209-b17f-0a26ba664c63-wp-ticket · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Zebra_Form PHP library <= 2.9.8 - Reflected Cross-Site Scripting

Feb 14, 2021 · Patched in 5.6.0 (1073d)

Code Analysis
Analyzed Mar 16, 2026

Customer Support Ticket System & Helpdesk Plugin for WordPress Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 3 (38 prepared)
Unescaped Output: 278 (1437 escaped)
Nonce Checks: 28
Capability Checks: 41
File Operations: 2
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

preg_replace(/e)  preg_replace('/e  includes\emd-form-builder-lite\emd-form-functions.php:495
preg_replace(/e)  preg_replace('/e  includes\emd-form-builder-lite\emd-form-functions.php:516

Bundled Libraries

Select2 v3.2

SQL Query Safety

93% prepared · 41 total queries

Output Escaping

84% escaped · 1715 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

18 flows · 9 with unsanitized paths
emd_form_builder_lite_get_field (includes\emd-form-builder-lite\emd-form-builder.php:831)
Attack Surface
9 unprotected

Customer Support Ticket System & Helpdesk Plugin for WordPress Attack Surface

Entry Points: 32
Unprotected: 9

AJAX Handlers 30

auth  wp_ajax_emd_insert_new_shc  includes\admin\shortcode-list-functions.php:72
auth  wp_ajax_single_tax_add_taxterm  includes\admin\singletax\emd-singletax-functions.php:4
auth  wp_ajax_emd_load_file  includes\class-install-deactivate.php:56
nopriv  wp_ajax_emd_load_file  includes\class-install-deactivate.php:57
auth  wp_ajax_emd_delete_file  includes\class-install-deactivate.php:58
nopriv  wp_ajax_emd_delete_file  includes\class-install-deactivate.php:59
auth  wp_ajax_emd_check_userEmail  includes\common-functions.php:541
auth  wp_ajax_emd_check_unique  includes\common-functions.php:570
auth  wp_ajax_emd_form_builder_lite_get_field  includes\emd-form-builder-lite\emd-form-builder.php:830
auth  wp_ajax_emd_form_builder_lite_get_page  includes\emd-form-builder-lite\emd-form-builder.php:1192
auth  wp_ajax_emd_form_builder_lite_get_row  includes\emd-form-builder-lite\emd-form-builder.php:1245
auth  wp_ajax_emd_form_builder_lite_save_form  includes\emd-form-builder-lite\emd-form-builder.php:1272
auth  wp_ajax_emd_form_builder_lite_get_hr  includes\emd-form-builder-lite\emd-form-builder.php:1391
auth  wp_ajax_emd_form_builder_lite_get_html  includes\emd-form-builder-lite\emd-form-builder.php:1411
auth  wp_ajax_emd_formb_lite_submit_ajax_form  includes\emd-form-builder-lite\emd-form-frontend.php:9
nopriv  wp_ajax_emd_formb_lite_submit_ajax_form  includes\emd-form-builder-lite\emd-form-frontend.php:10
nopriv  wp_ajax_emd_check_userEmail  includes\emd-form-builder-lite\emd-form-frontend.php:11
nopriv  wp_ajax_emd_check_unique  includes\emd-form-builder-lite\emd-form-frontend.php:12
nopriv  wp_ajax_emd_lite_process_login  includes\emd-form-builder-lite\emd-form-frontend.php:1931
auth  wp_ajax_emd_lite_process_login  includes\emd-form-builder-lite\emd-form-frontend.php:1932
nopriv  wp_ajax_emd_lite_verify_registration  includes\emd-form-builder-lite\emd-form-frontend.php:2019
auth  wp_ajax_emd_lite_verify_registration  includes\emd-form-builder-lite\emd-form-frontend.php:2020
auth  wp_ajax_emd_form_builder_lite_pagenum  includes\emd-form-builder-lite\emd-form-functions.php:1091
nopriv  wp_ajax_emd_form_builder_lite_pagenum  includes\emd-form-builder-lite\emd-form-functions.php:1092
nopriv  wp_ajax_emd_verify_email  includes\login-register-functions.php:106
auth  wp_ajax_emd_verify_email  includes\login-register-functions.php:107
auth  wp_ajax_wp_ticket_com_send_deactivate_reason  includes\plugin-feedback-functions.php:11
auth  wp_ajax_wp_ticket_com_show_rateme  includes\plugin-feedback-functions.php:16
auth  wp_ajax_emd_get_widg_pagenum  includes\widget-functions.php:10
nopriv  wp_ajax_emd_get_widg_pagenum  includes\widget-functions.php:11

Shortcodes 2

[emd_form] includes\emd-form-builder-lite\emd-form-frontend.php:400
[support_tickets] includes\entities\emd-ticket-shortcodes.php:103
WordPress Hooks 124
action  emd_display_settings_notify  includes\admin\class-emd-notifications.php:38
action  wp_dashboard_setup  includes\admin\dashboard-widgets.php:21
action  wp_ticket_com_getting_started  includes\admin\getting-started.php:9
action  wp_ticket_com_settings_glossary  includes\admin\glossary.php:9
action  emd_notify  includes\admin\notify-actions.php:363
action  emd_change_notify  includes\admin\notify-actions.php:364
action  login_redirect  includes\admin\notify-actions.php:365
filter  wp_mail_from_name  includes\admin\notify-actions.php:412
filter  wp_mail_from  includes\admin\notify-actions.php:419
action  emd_ext_register  includes\admin\settings-functions-misc.php:11
filter  emd_add_settings_tab  includes\admin\settings-functions-misc.php:12
action  emd_show_settings_tab  includes\admin\settings-functions-misc.php:13
action  emd_ext_register  includes\admin\settings-functions.php:11
action  emd_show_settings_page  includes\admin\settings-functions.php:12
action  emd_show_shortcodes_page  includes\admin\shortcode-list-functions.php:4
action  emd_create_shc_with_filters  includes\admin\shortcode-list-functions.php:53
action  add_meta_boxes  includes\admin\singletax\class-emd-single-taxonomy.php:31
filter  wp_terms_checklist_args  includes\admin\singletax\class-emd-single-taxonomy.php:35
action  save_post  includes\admin\singletax\class-emd-single-taxonomy.php:39
filter  media_buttons  includes\admin\wpas-btn-functions.php:10
action  admin_footer  includes\admin\wpas-btn-functions.php:11
filter  kses_allowed_protocols  includes\admin\wpas-btn-functions.php:222
filter  posts_where  includes\class-emd-query.php:91
filter  posts_join  includes\class-emd-query.php:94
filter  emd_wp_session_cookie_secure  includes\class-emd-session.php:59
filter  emd_wp_session_cookie_httponly  includes\class-emd-session.php:60
filter  emd_wp_session_delete_batch_size  includes\class-emd-session.php:61
filter  safe_style_css  includes\class-emd-widget.php:57
action  admin_init  includes\class-install-deactivate.php:21
action  wp_head  includes\class-install-deactivate.php:33
action  admin_init  includes\class-install-deactivate.php:37
action  admin_notices  includes\class-install-deactivate.php:41
action  generate_rewrite_rules  includes\class-install-deactivate.php:45
filter  query_vars  includes\class-install-deactivate.php:46
action  admin_init  includes\class-install-deactivate.php:47
action  before_delete_post  includes\class-install-deactivate.php:52
action  init  includes\class-install-deactivate.php:60
filter  tiny_mce_before_init  includes\class-install-deactivate.php:65
action  wp_insert_post  includes\class-install-deactivate.php:152
action  p2p_created_connection  includes\class-install-deactivate.php:157
action  wp_insert_post  includes\class-install-deactivate.php:173
action  emd_ext_set_conf  includes\emd-form-builder-lite\emd-form-builder.php:12
action  emd_ext_init  includes\emd-form-builder-lite\emd-form-builder.php:22
filter  posts_where  includes\emd-form-builder-lite\emd-form-builder.php:48
action  emd_ext_admin_enq  includes\emd-form-builder-lite\emd-form-builder.php:50
action  emd_show_forms_lite_page  includes\emd-form-builder-lite\emd-form-builder.php:282
action  init  includes\emd-form-builder-lite\emd-form-frontend.php:44
filter  emd_ext_parse_tags  includes\emd-form-builder-lite\emd-form-functions.php:775
action  init  includes\emd-form-builder-lite\emd-form-functions.php:801
filter  kses_allowed_protocols  includes\emd-form-builder-lite\emd-form-functions.php:1169
action  emd_ext_register  includes\emd-form-builder-lite\settings-functions-login.php:12
filter  emd_add_settings_tab  includes\emd-form-builder-lite\settings-functions-login.php:13
action  emd_show_settings_tab  includes\emd-form-builder-lite\settings-functions-login.php:14
action  emd_ext_admin_enq  includes\emd-lite\emd-lite.php:8
filter  emd_lite_modal  includes\emd-lite\emd-lite.php:26
action  init  includes\entities\class-emd-agent.php:27
action  admin_init  includes\entities\class-emd-agent.php:31
action  admin_init  includes\entities\class-emd-agent.php:35
action  save_post  includes\entities\class-emd-agent.php:39
filter  post_updated_messages  includes\entities\class-emd-agent.php:43
action  admin_menu  includes\entities\class-emd-agent.php:47
action  admin_head-edit.php  includes\entities\class-emd-agent.php:51
action  admin_menu  includes\entities\class-emd-agent.php:55
action  manage_emd_agent_posts_custom_column  includes\entities\class-emd-agent.php:61
filter  manage_emd_agent_posts_columns  includes\entities\class-emd-agent.php:65
filter  p2p_admin_box_show  includes\entities\class-emd-agent.php:70
filter  post_row_actions  includes\entities\class-emd-agent.php:74
action  admin_action_emd_duplicate_entity  includes\entities\class-emd-agent.php:78
action  admin_notices  includes\entities\class-emd-agent.php:362
filter  the_title  includes\entities\class-emd-agent.php:430
action  save_post  includes\entities\class-emd-entity.php:96
action  save_post  includes\entities\class-emd-entity.php:133
action  init  includes\entities\class-emd-ticket.php:27
action  admin_init  includes\entities\class-emd-ticket.php:31
filter  wp_dropdown_users  includes\entities\class-emd-ticket.php:35
action  save_post  includes\entities\class-emd-ticket.php:39
filter  wp_insert_post_data  includes\entities\class-emd-ticket.php:43
filter  post_updated_messages  includes\entities\class-emd-ticket.php:47
action  admin_menu  includes\entities\class-emd-ticket.php:51
action  admin_head-edit.php  includes\entities\class-emd-ticket.php:55
action  manage_emd_ticket_posts_custom_column  includes\entities\class-emd-ticket.php:61
filter  manage_emd_ticket_posts_columns  includes\entities\class-emd-ticket.php:65
filter  enter_title_here  includes\entities\class-emd-ticket.php:70
action  admin_init  includes\entities\class-emd-ticket.php:74
filter  post_row_actions  includes\entities\class-emd-ticket.php:78
action  admin_action_emd_duplicate_entity  includes\entities\class-emd-ticket.php:82
action  admin_notices  includes\entities\class-emd-ticket.php:617
filter  the_title  includes\entities\class-emd-ticket.php:648
action  admin_enqueue_scripts  includes\entities\emd-agent-tabs.php:9
action  emd_mb_before_tab_emd_agent_0  includes\entities\emd-agent-tabs.php:10
filter  emd_mb_emd_agent_photo_begin_html  includes\entities\emd-agent-tabs.php:11
filter  emd_mb_emd_agent_email_begin_html  includes\entities\emd-agent-tabs.php:12
action  emd_mb_after_tab_emd_agent_0  includes\entities\emd-agent-tabs.php:13
action  wp_footer  includes\entities\emd-ticket-shortcodes.php:110
filter  widget_text  includes\entities\emd-ticket-shortcodes.php:119
filter  widget_text  includes\entities\emd-ticket-shortcodes.php:120
filter  emd_limit_by  includes\filter-functions.php:10
filter  previous_post_link  includes\filter-functions.php:243
filter  next_post_link  includes\filter-functions.php:244
filter  emd_show_temp_sidebar  includes\layout-functions.php:166
action  emd_sidebar  includes\layout-functions.php:196
action  widgets_init  includes\layout-functions.php:213
filter  emd_show_temp_navigation  includes\layout-functions.php:290
filter  emd_show_single_edit_link  includes\layout-functions.php:320
filter  emd_change_container  includes\layout-functions.php:332
filter  emd_get_login_register_option_for_views  includes\login-register-functions.php:8
action  emd_show_login_register_forms  includes\login-register-functions.php:22
filter  plugin_row_meta  includes\plugin-feedback-functions.php:9
filter  plugin_action_links  includes\plugin-feedback-functions.php:10
action  admin_footer  includes\plugin-feedback-functions.php:14
action  admin_notices  includes\plugin-feedback-functions.php:17
action  admin_post_wp-ticket-com_check_optin  includes\plugin-feedback-functions.php:18
filter  posts_request  includes\query-filters.php:9
filter  post_limits  includes\query-filters.php:10
filter  posts_orderby  includes\query-filters.php:11
action  pre_get_posts  includes\query-filters.php:101
filter  p2p_connectable_args  includes\query-filters.php:118
action  admin_enqueue_scripts  includes\scripts.php:17
action  wp_enqueue_scripts  includes\scripts.php:161
action  admin_print_footer_scripts  includes\scripts.php:244
filter  the_content  wp-ticket.php:58
action  admin_menu  wp-ticket.php:62
filter  template_include  wp-ticket.php:66
action  widgets_init  wp-ticket.php:70
Maintenance & Trust

Customer Support Ticket System & Helpdesk Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 4, 2025
PHP min version
Downloads: 53K

Community Trust

Rating: 86/100
Number of ratings: 27
Active installs: 500
Developer Profile

Customer Support Ticket System & Helpdesk Plugin for WordPress Developer Profile

emarket-design

10 plugins · 4K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 251 days
Detection Fingerprints

How We Detect Customer Support Ticket System & Helpdesk Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-ticket/assets/css/emd-form-builder-lite.css
/wp-content/plugins/wp-ticket/assets/css/emd-lite.css
/wp-content/plugins/wp-ticket/assets/css/wp-ticket-public.css
/wp-content/plugins/wp-ticket/assets/js/emd-form-builder-lite.js
/wp-content/plugins/wp-ticket/assets/js/emd-lite.js
/wp-content/plugins/wp-ticket/assets/js/wp-ticket-public.js
/wp-content/plugins/wp-ticket/assets/js/wp-ticket-admin.js
Script Paths
/wp-content/plugins/wp-ticket/assets/js/wp-ticket-public.js
/wp-content/plugins/wp-ticket/assets/js/wp-ticket-admin.js
Version Parameters
wp-ticket/assets/css/emd-form-builder-lite.css?ver=
wp-ticket/assets/css/emd-lite.css?ver=
wp-ticket/assets/css/wp-ticket-public.css?ver=
wp-ticket/assets/js/emd-form-builder-lite.js?ver=
wp-ticket/assets/js/emd-lite.js?ver=
wp-ticket/assets/js/wp-ticket-public.js?ver=
wp-ticket/assets/js/wp-ticket-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
emd-ticket-form, emd-ticket-subject, emd-ticket-priority, emd-ticket-status, emd-ticket-description, emd-ticket-submit, emd-ticket-details, emd-ticket-creator, +5 more
HTML Comments
<!-- WP_TICKET_COM_START --> <!-- WP_TICKET_COM_END -->
Data Attributes
data-emd-form-builder, data-emd-lite
JS Globals
wpTicketPublic, wpTicketAdmin
REST Endpoints
/wp-json/wp-ticket-com/v1/submit-ticket
Shortcode Output
[wp_ticket_form] [wp_ticket_list] [wp_ticket_details]
FAQ

Frequently Asked Questions about Customer Support Ticket System & Helpdesk Plugin for WordPress