Unrated severity · NVD Advisory · Published Jun 19, 2023 · Updated Dec 12, 2024
SupportCandy < 3.1.7 - Subscriber+ SQLi
CVE-2023-2719
Description
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.
Affected products
- (no CPE)
- (no CPE), range: <3.1.7
References
- wpscan.com/vulnerability/d9f6f4e7-a237-49c0-aba0-2934ab019e35 (mitre, exploit, vdb-entry, technical-description)