cleantalk
Vulnerabilities and Security Researches

SupportCandy – Helpdesk & Customer Support Ticket System, CVE-2026-25321

CVE, Research URL

CVE-2026-25321

Home page URL

Security reports for SupportCandy – Helpdesk & Customer Support Ticket System

Application

SupportCandy – Helpdesk & Customer Support Ticket System

Published on
Feb 19, 2026
Research Description
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.
Affected versions
max 3.4.4.
Status
vulnerable
Previous vulnerability researches
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics (CVE-2025-53197) , Jul 03, 2025
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics (CVE-2026-25407) , Feb 27, 2026
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics (CVE-2025-1666) , Mar 06, 2025
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics (6082e79a28c37bc70662b5ec82c1fb8eccc2fbc4) , Jun 07, 2024
New vulnerability
WPForms Google Sheet Connector (CVE-2025-67979) , Feb 27, 2026
Page Builder &#8211; AIO WP Builder: #1 Website Builder for WordPress (CVE-2025-53217) , Feb 27, 2026
WooCommerce Google Analytics Integration By Advanced WC Analytics (CVE-2025-68032) , Feb 27, 2026
WP Author box, Bio link and Post Rating &#8211; Authorsy (CVE-2026-24950) , Feb 27, 2026
Element Invader &#8211; Elementor Template Kits Library (CVE-2026-24386) , Feb 27, 2026