Vendor
The JS Help Desk WordPress plugin versions 3.0.4 and earlier are vulnerable to SQL injection via the `multiformid` parameter in the `storeTickets()` function, allowing unauthenticated attackers to extract sensitive information from the database.