WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

SupportCandy <= 2.0.0 - Arbitrary File Upload

Description

The SupportCandy WordPress plugin was affected by an Arbitrary File Upload security vulnerability.

Affects Plugins

supportcandy
Fixed in version 2.0.1

References

CVE
CVE-2019-11223
URL
https://cert.kalasag.com.ph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/
URL
https://github.com/AngelCtulhu/CVE-2019-11223

Classification

Type

UPLOAD

CWE
CWE-434

Miscellaneous

Original Researcher

Christian Angel - KALASAG CERT

Verified

No

WPVDB ID
a8bebdac-9b9b-4fbd-ba3d-c1db43104476

Timeline

Publicly Published

2019-04-17 (about 3 years ago)

Added

2019-08-01 (about 3 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin