QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24839

Published: Feb 7, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.

Vendor	Product	Versions
Unknown	SupportCandy – Helpdesk & Support Ticket System	affected `2.2.5 - < 2.2.5`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/5e6e63c2-2675-4b8d-9b94-c16c525a1a0e

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.