VYPR

Fusedesk

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-1914MedMar 21, 2026
    risk 0.42cvss 6.4epss 0.00

    The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesk_newcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible…

  • CVE-2024-13459MedFeb 12, 2025
    risk 0.42cvss 6.4epss 0.00

    The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesk_newcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2025-3832MedApr 24, 2025
    risk 0.35cvss 6.4epss 0.00

    The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…