📦 Supportcandy

Name: Supportcandy
Author: Supportcandy

by Supportcandy

🔍 What is Supportcandy?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2023-1730

CRITICAL CVSS 9.8 May 2, 2023

CVE-2023-1730 is a critical SQL injection vulnerability in the SupportCandy WordPress plugin. Unauthenticated attackers can exploit this to execute arbitrary SQL commands on affected WordPress sites. ...

CVE-2023-2719

HIGH CVSS 8.8 Jun 19, 2023

This SQL injection vulnerability in the SupportCandy WordPress plugin allows attackers with Subscriber-level access to execute arbitrary SQL commands. It affects WordPress sites using vulnerable versi...

CVE-2023-2805

HIGH CVSS 7.2 Jun 19, 2023

This SQL injection vulnerability in the SupportCandy WordPress plugin allows authenticated high-privilege users (like administrators) to execute arbitrary SQL commands on the database. Attackers with ...

CVE-2021-24879

HIGH CVSS 8.8 Feb 7, 2022

This vulnerability in the SupportCandy WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that can set malicious filters containing Cross-Site Scripting (XSS) paylo...