CVE-2026-11589 | The WP Support Plus Responsive Ticket System WordPress plugi…

Description

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly accessible location, leading to Stored Cross-Site Scripting attacks against site users and administrators.

Metadata

CVE ID: CVE-2026-11589
State: PUBLISHED
Assigner: WPScan
Reserved: 2026-06-08 13:39 UTC
Published: 2026-06-30 06:00 UTC
Last updated: 2026-06-30 06:00 UTC
Vendor / Product: Unknown / WP Support Plus Responsive Ticket System
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
Unknown	WP Support Plus Responsive Ticket System	—	0 ≤ 9.1.2

Weakness (CWE)

CWE	Source	Description
—	cna	CWE-79 Cross-Site Scripting (XSS)

References (1)

https://wpscan.com/vulnerability/c46479c2-4eef-485f-ae98-1f487efa4263/