CVE-2026-1251
CVE-2026-1251 describes an Insecure Direct Object Reference in the WordPress plugin SupportCandy – Helpdesk & Customer Support Ticket System (versions up to and including 3.4.4). The vulnerability allows an authenticated attacker with subscriber-level access or higher to steal attachments uploade...