PatchSiren cyber security CVE debrief
CVE-2026-48887 Ahmad CVE debrief
CVE-2026-48887 is a MEDIUM severity vulnerability (CVSS score 6.5) in the JS Help Desk plugin versions <= 3.0.9. The vulnerability is caused by unauthenticated broken access control. According to [ref-4](https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-3-0-9-broken-access-control-vulnerability?_s_id=cve), the issue was reported by [email protected] and is categorized under CWE-862.
- Vendor
- Ahmad
- Product
- JS Help Desk
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of JS Help Desk plugin versions <= 3.0.9 should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. It was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-48887) and detailed on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-48887).
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates to JS Help Desk plugin to version > 3.0.9
- Review and restrict access controls for the plugin
Evidence notes
Vendor and product information is not confirmed. The CVE is categorized as 'Deferred' on the NVD. See [source-item](https://services.nvd.nist.gov/rest/json/cves/2.0?lastModStartDate=2026-06-15T18%3A45%3A52.000Z&lastModEndDate=2026-06-16T08%3A00%3A58.000Z) for source details.
Official resources
-
CVE-2026-48887 CVE record
CVE.org
-
CVE-2026-48887 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-48887 was published on 2026-06-15T21:17:17.967Z and modified on 2026-06-15T21:24:32.790Z.