These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-48887 is a MEDIUM severity vulnerability (CVSS score 6.5) in the JS Help Desk plugin versions <= 3.0.9. The vulnerability is caused by unauthenticated broken access control. According to [ref-4](https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-3-0-9-broken-access-control-vulnerability?_s_id=cve), the issue was reported by audit@patchst [truncated]
CVE-2026-48886 is a critical vulnerability in the JS Help Desk plugin for WordPress, affecting versions up to and including 3.0.9. This vulnerability allows for unauthenticated SQL injection, which can lead to severe consequences, including unauthorized access to sensitive data. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 9.3, indicating a critical severity level. The vu [truncated]
CVE-2026-48880 is a Cross Site Scripting (XSS) vulnerability in the WP Job Portal plugin for WordPress, affecting versions up to and including 2.5.2. This vulnerability has a CVSS score of 6.5 and a CVSS severity of MEDIUM. The vulnerability allows subscribers to execute XSS attacks.
CVE-2026-40772 is a critical vulnerability (CVSS Score: 10) in the GeekyBot plugin versions <= 1.2.2. This vulnerability allows unauthenticated arbitrary file uploads, posing a significant risk to affected systems.
CVE-2026-39519 is a critical unauthenticated SQL injection vulnerability in the GeekyBot plugin versions <= 1.2.0. The vulnerability has a CVSS score of 9.3 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-39519). The CVE record can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-39519).