CVE-2026-11589
WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload
Vexday Risk Score
41Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 8.8EPSS 0.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
30 jun 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly accessible location, leading to Stored Cross-Site Scripting attacks against site users and administrators.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Productos afectados
Unknown · WP Support Plus Responsive Ticket SystemPoCs públicas encontradas — 1
cve_referencewpscan.com/vulnerability/c46479c2-4eef-485f-ae98-1f487efa4263/no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.