cleantalk
Vulnerabilities and Security Researches

SupportCandy – Helpdesk & Customer Support Ticket System, CVE-2025-67598

CVE, Research URL

CVE-2025-67598

Home page URL

Security reports for SupportCandy – Helpdesk & Customer Support Ticket System

Application

SupportCandy – Helpdesk & Customer Support Ticket System

Published on
Dec 09, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through <= 3.4.1.
Affected versions
max 3.4.1.
Status
vulnerable
Previous vulnerability researches
SupportCandy &#8211; Helpdesk &amp; Customer Support Ticket System (CVE-2025-10658) , Oct 11, 2025
SupportCandy &#8211; Helpdesk &amp; Customer Support Ticket System (CVE-2021-24839) , Jun 06, 2024
SupportCandy &#8211; Helpdesk &amp; Customer Support Ticket System (CVE-2021-24878) , Jun 06, 2024
SupportCandy &#8211; Helpdesk &amp; Customer Support Ticket System (CVE-2021-24879) , Jun 06, 2024
SupportCandy &#8211; Helpdesk &amp; Customer Support Ticket System (CVE-2021-24880) , Jun 06, 2024
New vulnerability
WP Wizard Cloak (CVE-2025-53237) , Feb 27, 2026
YITH WooCommerce Compare (CVE-2026-22333) , Feb 27, 2026
Kenta Companion (CVE-2026-27090) , Feb 27, 2026
WP-Lister Lite for eBay (CVE-2026-25384) , Feb 27, 2026
Email Marketing, Email Automation &amp; Newsletter for WordPress &amp; WooCommerce – Mail Mint (CVE-2026-23541) , Feb 27, 2026