Vulnerability in Wp Support Plus Responsive Ticket System
CVE-2026-11589
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly acces…
EPSS: 0.002 (7.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Unknown Wp Support Plus Responsive Ticket System — versions 0
References
- contact@wpscan.com (technical-description, exploit, vdb-entry)
Frequently asked questions
- What is CVE-2026-11589?
- CVE-2026-11589 is a high-severity vulnerability in Wp Support Plus Responsive Ticket System, classified under CWE-79 CROSS-SITE SCRIPTING (XSS). CVSS score: 8.8/10. Published 2026-06-30.
- How severe is CVE-2026-11589?
- High severity. CVSS v3 base score is 8.8 out of 10.