Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-04-15
CVE-2026-1251 - Supportcandy Plugin
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'add_reply' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to steal file attachments uploaded by other users by specifying arbitrary attachment IDs in the 'description_attachments' parameter, re-associating those files to their own tickets and removing access from the original owners.
PLUGIN
Supportcandy
CVE-2026-1251
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-0683 - Supportcandy Plugin
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. This is due to insufficient escaping on the user-supplied operand value when using the equals operator and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above (customers), to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Supportcandy
CVE-2026-0683
Risk Score
Threat Entry
Updated 2025-09-22
CVE-2025-10658 - Supportcandy Plugin
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers to bypass authentication and gain unauthorized access to customer support tickets by brute forcing the 6-digit OTP code.
PLUGIN
Supportcandy
CVE-2025-10658
Risk Score
Threat Entry
Updated 2025-03-07
CVE-2024-13552 - Supportcandy Plugin
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes it possible for authenticated attackers to download attachments for support tickets that don't belong to them. If an admin enables tickets for guests, this can be exploited by unauthenticated attackers.
PLUGIN
Supportcandy
CVE-2024-13552
Risk Score
Threat Entry
Updated 2024-12-12
CVE-2023-2719 - Supportcandy Plugin
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.
PLUGIN
Supportcandy
CVE-2023-2719
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-2805 - Supportcandy Plugin
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
PLUGIN
Supportcandy
CVE-2023-2805
Risk Score
Threat Entry
Updated 2025-01-30
CVE-2023-1730 - Supportcandy Plugin
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks
PLUGIN
Supportcandy
CVE-2023-1730
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24879 - Supportcandy Plugin
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter (stored in their cookies) with an XSS payload in it.
PLUGIN
Supportcandy
CVE-2021-24879
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24843 - Supportcandy Plugin
The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action.
PLUGIN
Supportcandy
CVE-2021-24843
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24878 - Supportcandy Plugin
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue
PLUGIN
Supportcandy
CVE-2021-24878
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24880 - Supportcandy Plugin
The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
PLUGIN
Supportcandy
CVE-2021-24880
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24839 - Supportcandy Plugin
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.
PLUGIN
Supportcandy
CVE-2021-24839
Risk Score