PT-2022-9480 · WordPress · Supportcandy
Name of the Vulnerable Software and Affected Versions: SupportCandy WordPress plugin versions prior to 2.2.5 Description: The issue is related to the lack of authorisation and CSRF checks in the wpsc tickets AJAX action, which could allow unauthenticated users to delete arbitrary tickets via the...