VYPR
Unrated severity · NVD Advisory · Published Jun 19, 2023 · Updated Dec 12, 2024

SupportCandy < 3.1.7 - Subscriber+ SQLi

CVE-2023-2719

Description

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.
