CVE-2023-50839: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability (CVE-2023-50839) was discovered in JS Help Desk – Best Help Desk & Support Plugin affecting versions up to and including 2.8.1. The vulnerability was reported by Fariq Fadillah Gusti Insani on September 15, 2023, and was publicly disclosed on December 21, 2023 (Patchstack Report).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (CWE-89). It received a CVSS v3.1 base score of 9.8 (CRITICAL) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, while Patchstack assigned a score of 9.3 (CRITICAL) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L (NVD Database).

The SQL Injection vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information, data manipulation, and system compromise. The high CVSS scores indicate critical severity, suggesting significant potential impact on the confidentiality, integrity, and availability of the affected systems (Patchstack Report).

Users are advised to update to version 2.8.2 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack Report).