cleantalk
Vulnerabilities and Security Researches

SupportCandy – Helpdesk & Customer Support Ticket System, CVE-2023-2719

CVE, Research URL

CVE-2023-2719

Home page URL

Security reports for SupportCandy – Helpdesk & Customer Support Ticket System

Application

SupportCandy – Helpdesk & Customer Support Ticket System

Published on
Jun 19, 2023
Research Description
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.
Affected versions
max 3.1.7.
Status
vulnerable
Previous vulnerability researches
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2025-10658) , Oct 11, 2025
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24839) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24878) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24879) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24880) , Jun 06, 2024
New vulnerability
WP Wizard Cloak (CVE-2025-53237) , Feb 27, 2026
YITH WooCommerce Compare (CVE-2026-22333) , Feb 27, 2026
Kenta Companion (CVE-2026-27090) , Feb 27, 2026
WP-Lister Lite for eBay (CVE-2026-25384) , Feb 27, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2026-23541) , Feb 27, 2026