CVE-2026-11589

UNKNOWN 0.0

WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly accessible location, leading to Stored Cross-Site Scripting attacks against site users and administrators.

Vendor	unknown
Product	wp support plus responsive ticket system
Published	Jun 30, 2026

Stay Ahead of the Next One

Get instant alerts for unknown wp support plus responsive ticket system

Be the first to know when new unknown vulnerabilities affecting unknown wp support plus responsive ticket system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / WP Support Plus Responsive Ticket System

0 ≤ 9.1.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/c46479c2-4eef-485f-ae98-1f487efa4263/

Credits

Ayush Srivastava WPScan