158 matches found
CVE-2021-24880 SupportCandy < 2.2.7 - Contributor+ Stored Cross-Site Scripting
The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2021-24879 SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsctickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter stored...
CVE-2021-24879
CVE-2021-24879 affects the WordPress SupportCandy plugin prior to 2.2.7. The vulnerability stems from missing CSRF protection in the wpsc_tickets AJAX action and insufficient sanitisation/escaping in several filter fields, allowing a logged-in attacker to craft a filter stored in cookies that con...
CVE-2021-24878 SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24843
The CVE refers to the WordPress plugin SupportCandy (before 2.2.7) where the wpsc_tickets AJAX action lacks a CSRF check. This allows a logged-in attacker to trigger a request (via the set_delete_permanently_bulk_ticket setting_action) and delete arbitrary tickets. Root cause: missing CSRF protec...
CVE-2021-24878
The CVE-2021-24878 entry concerns the WordPress plugin SupportCandy (before 2.2.7). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by failing to sanitize/escape the query string when outputting it back in pages using the [wpsc_create_ticket] shortcode embed. Impact descri...
CVE-2021-24843 SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF
The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsctickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction...
CVE-2021-24839 SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsctickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction. Other actions may be affected as well...
CVE-2021-24839
CVE-2021-24839 affects the SupportCandy WordPress plugin pre-2.2.5. The wpsc_tickets AJAX action lacks authorization and CSRF checks, enabling unauthenticated remote calls to delete arbitrary tickets via set_delete_permanently_bulk_ticket (and possibly affecting other actions). NVD lists CVSSv3.1...
Wordpress Plugin SupportCandy 跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...
Wordpress Plugin SupportCandy 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in Wordpress Plugin SupportCandy, which stems from the product's failure to effectively hand...
Wordpress Plugin SupportCandy 跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...
PT-2022-9480 · WordPress · Supportcandy
Name of the Vulnerable Software and Affected Versions: SupportCandy WordPress plugin versions prior to 2.2.5 Description: The issue is related to the lack of authorisation and CSRF checks in the wpsc tickets AJAX action, which could allow unauthenticated users to delete arbitrary tickets via the...
PT-2022-9489
Name of the Vulnerable Software and Affected Versions: SupportCandy WordPress plugin versions prior to 2.2.7 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape the query string before outputting it back...
SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue Note: the ticket-creation page is the one with the wpsccreateticket shortcode embed...
SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF
The plugin does not have CRSF check in its wpsctickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction. PoC...
SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion
The plugin does not have authorisation and CRSF checks in its wpsctickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction. Other actions may be affected as well. POST /wp-admin/admin-ajax.php HTTP/1....
WordPress SupportCandy plugin <= 2.2.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress SupportCandy plugin versions = 2.2.6. Solution Update the WordPress SupportCandy plugin to the latest available version at least 2.2.7...
WordPress SupportCandy plugin <= 2.2.6 - Arbitrary Ticket Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Ticket Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Brandon Roldan in WordPress SupportCandy plugin versions = 2.2.6. Solution Update the WordPress SupportCandy plugin to the latest available version at least 2.2.7...
SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion
The plugin does not have authorisation and CRSF checks in its wpsctickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction. Other actions may be affected as well. PoC POST /wp-admin/admin-ajax.php...