SupportCandy 漏洞列表
共找到 4 个与 SupportCandy 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2023-1730: SupportCandy < 3.1.5 - Unauthenticated SQL Injection POC
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. -
CVE-2021-24878: SupportCandy < 2.2.7 - Reflected Cross-Site Scripting POC
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue -
CVE-2021-24878: SupportCandy < 2.2.7 - Reflected Cross-Site Scripting POC
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue -
CVE-2023-1730: SupportCandy < 3.1.5 - Unauthenticated SQL Injection POC
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.