All 6 CVE vulnerabilities found in SupportCandy, with AI-generated Chinese analysis, references, and POCs.
Vendor: Unknown
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-25321 | WordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerability CWE-862 | 9.1AI | CriticalAI | 2026-02-19 |
| CVE-2025-67598 | WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 | 4.3 | Medium | 2025-12-09 |
| CVE-2024-27991 | WordPress SupportCandy plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability CWE-79 | 6.5 | Medium | 2024-03-21 |
| CVE-2023-2805 | SupportCandy < 3.1.7 - Admin+ SQLi | 7.2 | - | 2023-06-19 |
| CVE-2023-2719 | SupportCandy < 3.1.7 - Subscriber+ SQLi | 8.8 | - | 2023-06-19 |
| CVE-2023-1730 | SupportCandy < 3.1.5 - Unauthenticated SQLi | 9.8 | - | 2023-05-02 |
All 6 known CVE vulnerabilities affecting SupportCandy with full Chinese analysis, references, and POCs where available.