SupportCandy – Helpdesk & Customer Support Ticket System

Authentication vulnerability in SupportCandy – Helpdesk & Customer Support Ticket System 3.3.7

A popular plugin called SupportCandy, used for customer support tickets on WordPress websites, has a security flaw. This flaw allows hackers to bypass the authentication process and access customer s...

Access violation vulnerability in SupportCandy – Helpdesk & Customer Support Ticket System 3.3.0

The SupportCandy plugin for WordPress, which helps with customer support tickets, has a security vulnerability that allows unauthorized access to attachments. This means that someone who is not suppo...

Input validation vulnerability in SupportCandy – Helpdesk & Customer Support Ticket System 3.2.3

The SupportCandy plugin for WordPress has a security issue that allows hackers to inject harmful code onto web pages. This can only be done by someone who has access to the website and has at least s...

Input validation vulnerability in SupportCandy – Helpdesk & Support Ticket System 3.1.6

The SupportCandy plugin for WordPress is not secure in versions up to, and including, 3.1.6. An attacker can use the 'id' parameter in the /wp-json/supportcandy/v2/agents/ REST route to send addition...

Input validation vulnerability in SupportCandy – Helpdesk & Support Ticket System 3.1.6

The SupportCandy plugin for WordPress is vulnerable to security risks in versions up to 3.1.6. Unauthenticated attackers can use a parameter called 'agents[]' to add extra commands to existing SQL qu...

Input validation vulnerability in SupportCandy – Helpdesk & Support Ticket System 2.2.7

The SupportCandy plugin for WordPress had a security issue before version 2.2.7. People with a low level of access such as Contributor could use it to perform an attack called Cross-Site Scripting. Th...

Input validation vulnerability in SupportCandy – Helpdesk & Support Ticket System 2.0.1

A security issue has been discovered in the SupportCandy plugin

Access violation vulnerability in SupportCandy – Helpdesk & Support Ticket System 2.2.4

The SupportCandy WordPress plugin had a security flaw before version 2.2.5. This flaw meant that unauthorized people could use a setting called “set_delete_permanently_bulk_ticket” to delete ticke...

Input validation vulnerability in SupportCandy – Helpdesk & Support Ticket System 2.2.7

The SupportCandy WordPress plugin before version 2.2.7 was vulnerable to attack. If an attacker was logged in as an administrator

Input validation vulnerability in SupportCandy – Helpdesk & Support Ticket System 2.2.6

Input validation vulnerability in SupportCandy – Helpdesk & Support Ticket System 3.1.4

The SupportCandy plugin for WordPress has a security flaw that could let unauthenticated attackers access sensitive information from the database. This is because the 'parse_user_filters' function in ...

Access violation vulnerability in SupportCandy – Helpdesk & Support Ticket System 3.1.3

The SupportCandy plugin for WordPress can be a security risk in certain versions. When users of the plugin need help, they can upload documents to the plugin. This puts the documents in a specific fo...

Input validation vulnerability in SupportCandy – Helpdesk & Support Ticket System 2.2.7

The SupportCandy plugin for WordPress websites had a security issue in versions before 2.2.7. This could allow someone to access the ticket lists dashboard and set up a filter with malicious code. Thi...