162 matches found
SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue id: CVE-2021-24878 info: name: SupportCandy 2.2.7 - Reflected Cross-Site...
CVE-2026-57711
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PSM Plugins SupportCandy supportcandy allows Stored XSS.This issue affects SupportCandy: from n/a through = 3.4.8...
CVE-2026-57711 WordPress SupportCandy plugin <= 3.4.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PSM Plugins SupportCandy supportcandy allows Stored XSS.This issue affects SupportCandy: from n/a through = 3.4.8...
CVE-2026-57711
CVE-2026-57711 concerns the WordPress plugin SupportCandy
SupportCandy < 3.1.5 - Unauthenticated SQL Injection
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. id: CVE-2023-1730 info: name: SupportCandy 3.1.5 - Unauthenticated SQL Injection author:...
WordPress SupportCandy plugin <= 3.4.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abduljalal Saminu in WordPress Plugin SupportCandy versions = 3.4.8...
CVE-2026-54826 WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability
Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...
EUVD-2026-39673
Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...
CVE-2026-54826
CVE-2026-54826 affects the WordPress SupportCandy plugin up to version 3.4.6, with an Insecure Direct Object References (IDOR) vulnerability. Root cause: insecure direct object references allowing unauthorized access to objects. Impact: CVSS 3.1 base score 7.6 (High)—confidentiality impact High, ...
PT-2026-52728
Name of the Vulnerable Software and Affected Versions SupportCandy versions prior to 3.4.7 Description An Insecure Direct Object Reference IDOR exists, which occurs when an application provides direct access to objects based on user-supplied input, potentially allowing unauthorized access to data...
WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by HieuPenguinnn in WordPress Plugin SupportCandy versions = 3.4.6...
CVE-2026-25321
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...
CVE-2026-25321
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...
CVE-2026-25321
CVE-2026-25321 concerns a Missing Authorization vulnerability in the WordPress SupportCandy plugin (versions
CVE-2026-25321
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...
CVE-2026-25321 WordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...
CVE-2026-25321 WordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...
PT-2026-20691
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...
WordPress plugin SupportCandy 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...
WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin <= 3.4.4 - Authenticated (Subscriber+) SQL Injection via Number Field Filter vulnerability
WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin = 3.4.4 - Authenticated Subscriber+ SQL Injection via Number Field Filter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin SupportCandy versions = 3.4.4...