Security Advisory

CVE-2023-2719

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-19 10:52:42

Last updated 2024-12-12 21:03:39

Assigner WPScan

State PUBLISHED

Description

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.

← Browse all CVEs View on cve.org ↗