CVE-2026-0683

CVE-2026-0683 (SupportCandy – WordPress) : Wordfence reports a SQL Injection in the SupportCandy plugin through the Number field filter, affecting all versions up to 3.4.4. Exploitation requires Subscriber+ (authenticated) access and can lead to extraction of sensitive data. The issue stems from ...

CVE-2026-0683

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. This is due to insufficient escaping on the user-supplied operand value when using the equals...

EUVD-2026-5081

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. This is due to insufficient escaping on the user-supplied operand value when using the equals...

CVE-2026-0683 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) SQL Injection via Number Field Filter

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. This is due to insufficient escaping on the user-supplied operand value when using the equals...

PT-2026-5503

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. This is due to insufficient escaping on the user-supplied operand value when using the equals...

WordPress Plugin SupportCandy – Helpdesk & Customer Support Ticket System SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Plugin SupportCandy security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin = 3.4.4 - Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Theklis - Sentrium Security Ltd in WordPress Plugin SupportCandy versions = 3.4.4...

WordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin SupportCandy versions = 3.4.4...

CVE-2025-67598

Cross-Site Request Forgery CSRF vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through = 3.4.1...

CVE-2025-67598

Cross-Site Request Forgery CSRF vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through = 3.4.1...

CVE-2025-67598 WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through = 3.4.1...

CVE-2025-67598

CVE-2025-67598 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin SupportCandy (PSM Plugins) affecting versions up to and including 3.4.1 . The CVE details show a Medium base impact (CVSS 3.1: 4.3) with network attack vector, no confidentiality impact, and user interacti...

EUVD-2025-202055

Cross-Site Request Forgery CSRF vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through = 3.4.1...

CVE-2025-67598 WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through = 3.4.1...

WordPress plugin SupportCandy 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-49972

Name of the Vulnerable Software and Affected Versions SupportCandy versions through 3.4.1 Description A Cross-Site Request Forgery CSRF issue exists in PSM Plugins SupportCandy. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge...

EUVD-2021-11790

Malware in sbrugna...

EUVD-2021-11755

Malware in sbrugna...

EUVD-2025-6247

Malicious code in bioql PyPI...