CVE-2024-12443

CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
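An audit sketch for the condition described above, added here as an example and not taken from the advisory or the plugin: it scans exported post content for the `crm-perks-tickets` shortcode and lists attributes whose values contain markup-significant characters, as candidates for manual review. The attribute names (`per_page`, `label`), the post records and the simplified attribute parsing are assumptions; the advisory does not name the affected attributes.

```python
import re

TAG = "crm-perks-tickets"  # shortcode named in the advisory

# Simplified approximation of WordPress shortcode syntax (assumption).
SHORTCODE_RE = re.compile(r"\[" + re.escape(TAG) + r"(?=[\s\]])([^\]]*)\]")
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")

# Characters and patterns that change the markup if a value is echoed
# into HTML without escaping. Apostrophes in ordinary text will also
# match, so findings are review candidates, not verdicts.
RISKY_RE = re.compile(r"""[<>"'`]|\bon\w+\s*=|javascript:""", re.IGNORECASE)

# Constructed sample data: id, author role and raw post_content.
# Attribute names are hypothetical.
SAMPLE_POSTS = [
    {"id": 101, "role": "editor",
     "content": 'Support: [crm-perks-tickets per_page="10"]'},
    {"id": 102, "role": "contributor",
     "content": """[crm-perks-tickets label='x" onfocus="EXAMPLE']"""},
    {"id": 103, "role": "author", "content": "No shortcode here."},
]


def audit_posts(posts):
    """Return (post_id, author_role, attr, value) for each risky attribute."""
    findings = []
    for post in posts:
        for shortcode in SHORTCODE_RE.finditer(post["content"]):
            for attr in ATTR_RE.finditer(shortcode.group(1)):
                name = attr.group(1)
                # Exactly one of the three value groups matched.
                value = next(g for g in attr.groups()[1:] if g is not None)
                if RISKY_RE.search(value):
                    findings.append((post["id"], post["role"], name, value))
    return findings


if __name__ == "__main__":
    for post_id, role, name, value in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id} ({role}): {name}={value!r}")
```

Findings in posts written by contributor-level accounts deserve the first look, since that is the minimum privilege the advisory gives for injection.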

Show user tickets from HelpScout (https://www.helpscout.net/), ZenDesk (https://www.zendesk.com/), FreshDesk (https://freshdesk.com/) and Teamwork Desk (https://www.teamworkdesk.com/) in WordPress. Users can create new support tickets and reply to old tickets from WordPress. Learn more at crmperks.com (https://www.crmperks.com/plugins/support-plugins/support-x/?utm_source=wordpress&utm_medium=directory&utm_campaign=supportx+readme).

Supported Ticket Systems

- HelpScout (https://www.helpscout.net/)
- ZenDesk (https://www.zendesk.com/)
- FreshDesk (https://freshdesk.com/)
- Teamwork Desk (https://www.teamworkdesk.com/)

Key Features

- Display all tickets related to a user in table form.
- You can use a shortcode to display a 'Create a Ticket' form and all tickets related to a user.
- You can prevent spam by enabling Google reCaptcha before submitting a ticket.
- Displays user tickets and the 'Create a Ticket' form in the "my-account" section of WooCommerce.
- Plugin works with WooCommerce and HelpScout. When viewing a ticket in HelpScout, it displays all WooCommerce orders of that user in HelpScout.

Premium Version

The following features are available in the Premium version only, WordPress HelpDesk Integration Pro (https://www.crmperks.com/plugins/support-plugins/support-x/?utm_source=wordpress&utm_medium=directory&utm_campaign=supportx+readme):

- Phone Number field
- File Attachments
- Custom Fields
- Ticket Tags