Lucene search
K

158 matches found

Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-49972

Name of the Vulnerable Software and Affected Versions SupportCandy versions through 3.4.1 Description A Cross-Site Request Forgery CSRF issue exists in PSM Plugins SupportCandy. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge...

4.3CVSS6.5AI score0.00098EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

WordPress plugin SupportCandy 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.6AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11755

Malware in sbrugna...

6.5CVSS6.5AI score0.00531EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-11790

Malware in sbrugna...

6.1CVSS6.2AI score0.01165EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-34183

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.01203EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-25165

Malicious code in bioql PyPI...

6.5CVSS8.6AI score0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6247

Malicious code in bioql PyPI...

4.3CVSS9.2AI score0.00303EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/22 7:33 a.m.11 views

CVE-2025-10658

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...

6.5CVSS6.2AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2025/09/20 7:15 a.m.3 views

CVE-2025-10658

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...

6.5CVSS0.00318EPSS
Exploits0References4
CVE
CVE
added 2025/09/20 6:43 a.m.26 views

CVE-2025-10658

CVE-2025-10658 affects the WordPress plugin SupportCandy – Helpdesk & Customer Support Ticket System, versions

6.5CVSS5.8AI score0.00318EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/20 6:43 a.m.2 views

CVE-2025-10658 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.7 - Authentication Bypass to Support Session Takeover

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/20 6:43 a.m.12 views

CVE-2025-10658 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.7 - Authentication Bypass to Support Session Takeover

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...

6.5CVSS0.00318EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/09/20 12:8 a.m.6 views

WordPress SupportCandy plugin <= 3.3.7 - Authentication Bypass to Support Session Takeover vulnerability

Authentication Bypass to Support Session Takeover vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin SupportCandy versions = 3.3.7...

6.5CVSS6.7AI score0.00318EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/20 12:0 a.m.5 views

PT-2025-38633

Name of the Vulnerable Software and Affected Versions SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress versions up to and including 3.3.7 Description The SupportCandy plugin for WordPress is susceptible to authentication bypass due to missing rate limiting on One-Time...

6.5CVSS6.5AI score0.00318EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/09/20 12:0 a.m.3 views

WordPress plugin SupportCandy 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.8AI score0.00318EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:58 a.m.9 views

CVE-2024-27991

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SupportCandy allows Stored XSS.This issue affects SupportCandy: from n/a through 3.2.3...

6.5CVSS8.6AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:34 a.m.9 views

CVE-2023-2805

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents parameter in the setaddagentleaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.4AI score0.0085EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:1 a.m.6 views

CVE-2023-1730

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...

9.8CVSS8AI score0.40586EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.8 views

CVE-2023-2719

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber...

8.8CVSS7.8AI score0.01203EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.9 views

CVE-2021-24879

The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsctickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter stored...

8.8CVSS6.2AI score0.00612EPSS
Exploits2References1
Rows per page
Query Builder