cleantalk
Vulnerabilities and Security Researches

SupportCandy – Helpdesk & Customer Support Ticket System, CVE-2026-1251

CVE, Research URL

CVE-2026-1251

Home page URL

Security reports for SupportCandy – Helpdesk & Customer Support Ticket System

Application

SupportCandy – Helpdesk & Customer Support Ticket System

Published on
Jan 31, 2026
Research Description
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'add_reply' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to steal file attachments uploaded by other users by specifying arbitrary attachment IDs in the 'description_attachments' parameter, re-associating those files to their own tickets and removing access from the original owners.
Affected versions
max 3.4.5.
Status
vulnerable
Previous vulnerability researches
Hello Bar (CVE-2026-39666) , Apr 14, 2026
New vulnerability
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin (CVE-2026-1404) , Apr 14, 2026
Converter for Media – Optimize images | Convert WebP & AVIF (CVE-2026-1356) , Apr 14, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2026-1258) , Apr 14, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2026-2025) , Apr 14, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2026-1447) , Apr 14, 2026