Product
supportcandy
9 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-2805
CVE-2023-2719
CVE-2023-1730
CVE-2021-24880
CVE-2021-24879
CVE-2021-24878
CVE-2021-24843
CVE-2021-24839
CVE-2019-11223
< 3.1.7
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_l
< 3.1.7
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST A
< 3.1.5
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which
< 2.2.7
The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow
< 2.2.7
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation
< 2.2.7
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages wi
< 2.2.7
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in its wpsc_tickets AJAX action, which could allow attacke
< 2.2.5
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which
<= 2.0.0
An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execut