CVE-2026-1251 | SupportCandy Plugin up to 3.4.4 on WordPress add_reply description_attachments resource injection

Inserito da Angelo Barbosa | Gen 31, 2026 | CVE

A vulnerability, which was classified as critical, was found in SupportCandy Plugin up to 3.4.4 on WordPress. Impacted is the function add_reply. The manipulation of the argument description_attachments results in improper control of resource identifiers.

This vulnerability is known as CVE-2026-1251. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-1251 | SupportCandy Plugin up to 3.4.4 on WordPress add_reply description_attachments resource injection

Post correlati

CVE-2024-53777 | Alberto Reineri Simple Header and Footer Plugin up to 1.0.0 on WordPress cross-site request forgery

CVE-2025-8895 | WP Webhooks Plugin up to 3.3.5 on WordPress Remote Code Execution

CVE-2023-51693 | Themify Icons Plugin up to 2.0.1 on WordPress cross site scripting

CVE-2024-23107 | Fortinet FortiWeb up to 6.3.23/7.0.8/7.2.4/7.4.0 CLI information disclosure (FG-IR-23-191)