Unrated severity · NVD Advisory · Published Feb 7, 2022 · Updated Aug 3, 2024
SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion
CVE-2021-24839
Description
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.
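The two checks the description says were missing, shown on a WordPress AJAX handler as an added example; this is not SupportCandy's code or its 2.2.5 patch. Everything prefixed example_, the ticket_id and nonce field names, and the assumption that tickets are stored as a custom post type are hypothetical; only the wpsc_tickets action and the setting_action values come from the advisory.

```php
<?php
// Added illustration only. Hypothetical: example_* names, the 'nonce' and
// 'ticket_id' request fields, and tickets stored as post type 'example_ticket'.

// Register the handler for logged-in users only. No wp_ajax_nopriv_wpsc_tickets
// hook is added, so anonymous requests to admin-ajax.php never reach it.
add_action( 'wp_ajax_wpsc_tickets', 'example_wpsc_tickets_ajax' );

function example_wpsc_tickets_ajax() {
    // CSRF check: the request must carry a nonce minted for this action.
    // Third argument false = return instead of die(), so we control the reply.
    if ( ! check_ajax_referer( 'example_wpsc_tickets', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // Allow-list the sub-actions instead of dispatching on raw input.
    $setting_action = isset( $_POST['setting_action'] )
        ? sanitize_key( wp_unslash( $_POST['setting_action'] ) )
        : '';
    if ( 'set_delete_permanently_bulk_ticket' !== $setting_action ) {
        wp_send_json_error( array( 'message' => 'Unknown setting_action' ), 400 );
    }

    // Coarse authorisation: the caller must be allowed to delete at all.
    if ( ! current_user_can( 'delete_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Normalise the submitted IDs to positive integers.
    $raw_ids = isset( $_POST['ticket_id'] ) ? (array) wp_unslash( $_POST['ticket_id'] ) : array();
    $ids     = array_filter( array_map( 'absint', $raw_ids ) );

    $deleted = array();
    foreach ( $ids as $id ) {
        // Per-object authorisation: right type, and this user may delete this item.
        if ( 'example_ticket' !== get_post_type( $id ) || ! current_user_can( 'delete_post', $id ) ) {
            continue;
        }
        if ( wp_delete_post( $id, true ) ) {
            $deleted[] = $id;
        }
    }

    wp_send_json_success( array( 'deleted' => $deleted ) );
}
```

The page that renders the bulk-delete control would emit the matching token with wp_create_nonce( 'example_wpsc_tickets' ). Since the advisory notes other actions may be affected, the same nonce and capability checks belong on every setting_action branch, not only the delete one.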
Affected products
- (no CPE)
- (no CPE), range: <2.2.5
References
- wpscan.com/vulnerability/5e6e63c2-2675-4b8d-9b94-c16c525a1a0e (mitre, x_refsource_MISC)