cleantalk
Vulnerabilities and Security Researches

SupportCandy – Helpdesk & Customer Support Ticket System, CVE-2023-2805

CVE, Research URL

CVE-2023-2805

Home page URL

Security reports for SupportCandy – Helpdesk & Customer Support Ticket System

Application

SupportCandy – Helpdesk & Customer Support Ticket System

Published on
Jun 19, 2023
Research Description
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Affected versions
max 3.1.7.
Status
vulnerable
Previous vulnerability researches
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2025-10658) , Oct 11, 2025
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24839) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24878) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24879) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24880) , Jun 06, 2024
New vulnerability
WP Wizard Cloak (CVE-2025-53237) , Feb 27, 2026
YITH WooCommerce Compare (CVE-2026-22333) , Feb 27, 2026
Kenta Companion (CVE-2026-27090) , Feb 27, 2026
WP-Lister Lite for eBay (CVE-2026-25384) , Feb 27, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2026-23541) , Feb 27, 2026