Lucene search
K

162 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57711

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PSM Plugins SupportCandy supportcandy allows Stored XSS.This issue affects SupportCandy: from n/a through = 3.4.8...

6.5CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57711

CVE-2026-57711 concerns the WordPress plugin SupportCandy

6.5CVSS6.1AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-57711 WordPress SupportCandy plugin <= 3.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PSM Plugins SupportCandy supportcandy allows Stored XSS.This issue affects SupportCandy: from n/a through = 3.4.8...

6.5CVSS0.00224EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday96 views

SupportCandy < 3.1.5 - Unauthenticated SQL Injection

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. id: CVE-2023-1730 info: name: SupportCandy 3.1.5 - Unauthenticated SQL Injection author:...

9.8CVSS7.1AI score0.40586EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday44 views

SupportCandy < 2.2.7 - Reflected Cross-Site Scripting

The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue id: CVE-2021-24878 info: name: SupportCandy 2.2.7 - Reflected Cross-Site...

6.1CVSS6.4AI score0.01165EPSS
Exploits2References3
Patchstack
Patchstack
added 4 days ago5 views

WordPress SupportCandy plugin <= 3.4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abduljalal Saminu in WordPress Plugin SupportCandy versions = 3.4.8...

6.5CVSS6.1AI score0.00224EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/26 2:52 p.m.14 views

CVE-2026-54826

CVE-2026-54826 affects the WordPress SupportCandy plugin up to version 3.4.6, with an Insecure Direct Object References (IDOR) vulnerability. Root cause: insecure direct object references allowing unauthorized access to objects. Impact: CVSS 3.1 base score 7.6 (High)—confidentiality impact High, ...

7.6CVSS5.8AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-54826 WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...

7.6CVSS0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39673

Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...

7.6CVSS5.8AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52728

Name of the Vulnerable Software and Affected Versions SupportCandy versions prior to 3.4.7 Description An Insecure Direct Object Reference IDOR exists, which occurs when an application provides direct access to objects based on user-supplied input, potentially allowing unauthorized access to data...

7.6CVSS5.8AI score0.00288EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/17 1:59 p.m.6 views

WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by HieuPenguinnn in WordPress Plugin SupportCandy versions = 3.4.6...

7.6CVSS5.8AI score0.00288EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.4 views

CVE-2026-25321

Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...

5.3CVSS5.5AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 9:16 a.m.4 views

CVE-2026-25321

Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...

5.3CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:26 a.m.12 views

CVE-2026-25321

CVE-2026-25321 concerns a Missing Authorization vulnerability in the WordPress SupportCandy plugin (versions

5.3CVSS5.4AI score0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:26 a.m.5 views

CVE-2026-25321

Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...

5.5AI score0.00214EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 8:26 a.m.27 views

CVE-2026-25321 WordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...

5.3CVSS0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:26 a.m.2 views

CVE-2026-25321 WordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...

5.3CVSS5.5AI score0.00214EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20691

Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...

5.5AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

WordPress plugin SupportCandy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/02 7:24 a.m.9 views

WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin <= 3.4.4 - Authenticated (Subscriber+) SQL Injection via Number Field Filter vulnerability

WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin = 3.4.4 - Authenticated Subscriber+ SQL Injection via Number Field Filter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin SupportCandy versions = 3.4.4...

6.5CVSS5.7AI score0.00343EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder