cleantalk
Vulnerabilities and Security Researches

SupportCandy – Helpdesk & Customer Support Ticket System, CVE-2021-24839

CVE, Research URL

CVE-2021-24839

Home page URL

Security reports for SupportCandy – Helpdesk & Customer Support Ticket System

Application

SupportCandy – Helpdesk & Customer Support Ticket System

Published on
Feb 07, 2022
Research Description
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.
Affected versions
max 2.2.7.
Status
vulnerable
Previous vulnerability researches
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2025-10658) , Oct 11, 2025
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24839) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24878) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24879) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24880) , Jun 06, 2024
New vulnerability
WP Wizard Cloak (CVE-2025-53237) , Feb 27, 2026
YITH WooCommerce Compare (CVE-2026-22333) , Feb 27, 2026
Kenta Companion (CVE-2026-27090) , Feb 27, 2026
WP-Lister Lite for eBay (CVE-2026-25384) , Feb 27, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2026-23541) , Feb 27, 2026