This information is sourced from wpvulnerabilities.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
The SupportCandy plugin for WordPress is not secure in versions up to, and including, 3.1.6. An attacker can use the 'id' parameter in the /wp-json/supportcandy/v2/agents/ REST route to send addition...
Read MoreThe SupportCandy plugin for WordPress is vulnerable to security risks in versions up to 3.1.6. Unauthenticated attackers can use a parameter called 'agents[]' to add extra commands to existing SQL qu...
Read MoreThe SupportCandy plugin for WordPress had a security issue before version 2.2.7. People with a low level of access such as Contributor could use it to perform an attack called Cross-Site Scripting. Th...
Read MoreA security issue has been discovered in the SupportCandy plugin
Read MoreThe SupportCandy WordPress plugin had a security flaw before version 2.2.5. This flaw meant that unauthorized people could use a setting called “set_delete_permanently_bulk_ticket” to delete ticke...
Read MoreThe SupportCandy WordPress plugin before version 2.2.7 was vulnerable to attack. If an attacker was logged in as an administrator
Read MoreThe SupportCandy plugin for WordPress has a security flaw that could let unauthenticated attackers access sensitive information from the database. This is because the 'parse_user_filters' function in ...
Read MoreThe SupportCandy plugin for WordPress can be a security risk in certain versions. When users of the plugin need help, they can upload documents to the plugin. This puts the documents in a specific fo...
Read MoreThe SupportCandy plugin for WordPress websites had a security issue in versions before 2.2.7. This could allow someone to access the ticket lists dashboard and set up a filter with malicious code. Thi...
Read More