Vulnerability in Wp Support Plus Responsive Ticket System

CVE-2026-11589

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly acces…

EPSS: 0.002 (7.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

  • Unknown Wp Support Plus Responsive Ticket System — versions 0

References

Frequently asked questions

What is CVE-2026-11589?
CVE-2026-11589 is a high-severity vulnerability in Wp Support Plus Responsive Ticket System, classified under CWE-79 CROSS-SITE SCRIPTING (XSS). CVSS score: 8.8/10. Published 2026-06-30.
How severe is CVE-2026-11589?
High severity. CVSS v3 base score is 8.8 out of 10.