Critical severity9.8NVD Advisory· Published Sep 26, 2017· Updated May 13, 2026

CVE-2015-7670

Description

Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wordpress.org/plugins/simple-support-ticket-system/nvdRelease NotesThird Party Advisory
wpvulndb.com/vulnerabilities/8207nvdThird Party Advisory
www.securityfocus.com/archive/1/536624/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000