CVE-2023-2805 SupportCandy < 3.1.7 - Admin+ SQLi

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents parameter in the setaddagentleaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVE-2023-2805

CVE-2023-2805 affects the WordPress plugin SupportCandy (before 3.1.7). The vulnerability is a SQL injection in the set_add_agent_leaves AJAX handler which fails to sanitize and escape the agents[] parameter before building a SQL statement. The underlying issue is improper handling of user-contro...

CVE-2023-2805 SupportCandy < 3.1.7 - Admin+ SQLi

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents parameter in the setaddagentleaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVE-2023-2719 SupportCandy < 3.1.7 - Subscriber+ SQLi

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber...

CVE-2023-2719 SupportCandy < 3.1.7 - Subscriber+ SQLi

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber...

CVE-2023-2719

CVE-2023-2719 concerns the WordPress plugin SupportCandy prior to version 3.1.7. The issue is an SQL Injection caused by insufficient sanitization/escaping of the REST API Agent endpoint’s id parameter before it is used in an SQL statement. This can be exploited by users with as little as a Subsc...

PT-2023-20994 · WordPress · Supportcandy

Name of the Vulnerable Software and Affected Versions: SupportCandy WordPress plugin versions prior to 3.1.7 Description: The issue concerns a lack of proper sanitization and escaping of the id parameter for an Agent in the REST API, which can lead to an SQL Injection. This can be exploited by...

WordPress SupportCandy Plugin < 3.1.7 is vulnerable to SQL Injection

Software SupportCandy Type Plugin Vulnerable versions 3.1.7 Fixed in 3.1.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2805 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID a697ebaed446 Credits dc11 Required privilege Administrator Published 19 June...

WordPress SupportCandy Plugin < 3.1.7 is vulnerable to SQL Injection

Software SupportCandy Type Plugin Vulnerable versions 3.1.7 Fixed in 3.1.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2719 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c15c7e980643 Credits dc11 Required privilege Subscriber Published 19 June,...

WordPress Plugin SupportCandy SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

CVE-2023-1730

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...

CVE-2023-1730

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...

Sql injection

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...

CVE-2023-1730 SupportCandy < 3.1.5 - Unauthenticated SQLi

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...

CVE-2023-1730

CVE-2023-1730 affects the WordPress plugin SupportCandy (before 3.1.5). The vulnerability is an SQL injection caused by not validating/escaping user input before it is used in SQL statements, enabling unauthenticated attackers to execute arbitrary queries. The issue is evidenced by multiple sourc...

CVE-2023-1730 SupportCandy < 3.1.5 - Unauthenticated SQLi

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...

WordPress plugin SupportCandy SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress SupportCandy Plugin < 3.1.5 is vulnerable to SQL Injection

Software SupportCandy Type Plugin Vulnerable versions 3.1.5 Fixed in 3.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1730 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 07f317999cc8 Credits dc11 Required privilege Unauthenticated Published 13...

PT-2023-6370 · Unknown · Supportcandy

Name of the Vulnerable Software and Affected Versions: SupportCandy versions prior to 3.1.5 Description: The issue is related to the lack of validation and escaping of user input in SQL statements, which could allow unauthenticated attackers to perform SQL injection attacks. This could enable...

Wordpress Plugin SupportCandy跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in Wordpress Plugin SupportCandy, which stems from the product's failure to effectively hand...