CVE-2024-13552
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes it possible for authenticated attackers to...
CVE-2024-13552
CVE-2024-13552 affects the WordPress plugin SupportCandy – Helpdesk & Customer Support Ticket System (
CVE-2024-13552 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.0 - Insecure Direct Object Reference
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes it possible for authenticated attackers to...
WordPress plugin SupportCandy authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
WordPress SupportCandy plugin <= 3.3.0 - Insecure Direct Object Reference vulnerability
Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin SupportCandy versions <= 3.3.0...
CVE-2024-27991
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3...
WordPress Plugin SupportCandy cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-27991 WordPress SupportCandy plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3...
PT-2024-22189 · Unknown · Supportcandy
Name of the Vulnerable Software and Affected Versions: SupportCandy versions 3.2.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious scripts into the website,...
SupportCandy < 3.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The SupportCandy plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...
WordPress SupportCandy Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: SupportCandy
Type: Plugin
Vulnerable versions: <= 3.2.3
Fixed in: 3.2.4
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-27991
Patch priority: Medium
CVSS severity: Medium 6.5
PSID: 64d8fa37173c
Credits: Mochamad Sofyan
Required privilege...
The vulnerability of the `parse_user_filters` function in the SupportCandy plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries.
The vulnerability of the `parse_user_filters` function in the SupportCandy plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2023-2805
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents parameter in the setaddagentleaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-2719
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber...
SQL injection
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber...
SQL injection
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents parameter in the setaddagentleaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...