CVE-2024-7094
📋 TL;DR
This vulnerability allows unauthenticated attackers to execute arbitrary PHP code on WordPress servers running the JS Help Desk plugin. Attackers can achieve full server compromise by exploiting insufficient input sanitization in the 'storeTheme' function. All WordPress sites using JS Help Desk plugin versions up to 2.8.6 are affected.
💻 Affected Systems
- JS Help Desk – The Ultimate Help Desk & Support Plugin for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server takeover with attacker gaining full administrative access, data theft, malware deployment, and persistent backdoor installation.
Likely Case
Website defacement, data exfiltration, cryptocurrency mining, or ransomware deployment on vulnerable servers.
If Mitigated
Limited impact with proper network segmentation, but still potential for plugin-level compromise.
🎯 Exploit Status
The vulnerability requires no authentication and involves simple HTTP requests to trigger code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.8.7
Vendor Advisory: https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.7
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'JS Help Desk' plugin
4. Click 'Update Now' to version 2.8.7 or higher
5. Verify update completes successfully
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the JS Help Desk plugin until patching is possible
wp plugin deactivate js-support-ticket
Web Application Firewall rule
allBlock requests to the vulnerable storeTheme function
Add WAF rule to block POST requests containing 'storeTheme' parameter
🧯 If You Can't Patch
- Disable the JS Help Desk plugin immediately
- Implement strict network segmentation to isolate the WordPress server
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → JS Help Desk → Version number. If version is 2.8.6 or lower, system is vulnerable.Check Version:
wp plugin get js-support-ticket --field=versionVerify Fix Applied:
Verify plugin version is 2.8.7 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with 'storeTheme' parameter
- Unexpected PHP file creation/modification in plugin directories
- Suspicious process execution from web server user
Network Indicators:
- HTTP requests containing PHP code in parameters
- Outbound connections from web server to unknown IPs
SIEM Query:
source="web_server_logs" AND (uri="/wp-admin/admin-ajax.php" AND param="storeTheme")🔗 References
- https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/css/style.php
- https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/formhandler.php
- https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/controller.php
- https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/model.php
- https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/tpls/admin_themes.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/31513f9e-6185-425b-9e7e-36f21f72d0a2?source=cve
