National Cyber Warfare Foundation (NCWF)

Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251)
0 user ratings		2026-02-04 15:54:15
milo
Blue Team (CND)

During independent security research conducted as part of the Wordfence Bug Bounty Program, we identified a broken access control vulnerability in the SupportCandy plugin for WordPress. SupportCandy is a helpdesk and customer support ticketing plugin that enables organisations to manage user-submitted support requests directly within their WordPress environment, including the ability to upload files and…


The post Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251) appeared first on Sentrium Security.


The post Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251) appeared first on Security Boulevard.



Theklis Stefani

Source: Security Boulevard
Source Link: https://securityboulevard.com/2026/02/disclosure-supportcandy-ticket-attachment-idor-cve-2026-1251/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Blue Team (CND)


Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.