WordPress Plugin Vulnerabilities

SupportCandy < 3.3.8 - Authentication Bypass to Support Session Takeover

Description

The plugin is vulnerable to Authentication Bypass due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers to bypass authentication and gain unauthorized access to customer support tickets by brute forcing the 6-digit OTP code.

Affects Plugins

Plugin icon
supportcandy
Fixed in 3.3.8

References

CVE
CVE-2025-10658
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2b11670a-f6e4-4555-ab76-4223f0194517

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Jonas Benjamin Friedli
Verified
No
WPVDB ID
affbf09d-a89c-446e-a239-1216be33dcf9

Timeline

Publicly Published
2025-09-19 (about 7 months ago)
Added
2025-09-19 (about 7 months ago)
Last Updated
2025-09-19 (about 7 months ago)

Other

Published
Title
Published
2022-08-09
Title
Simple Single Sign On <= 4.1.0 - Authentication Bypass
Published
2015-03-21
Title
WP Marketplace <= 2.4.0 - Arbitrary File Download
Published
2024-12-11
Title
Sign In With Google <= 1.8.0 - Authentication Bypass in authenticate_user
Published
2024-04-29
Title
Customer Email Verification for WooCommerce < 2.7.5 - Authentication Bypass
Published
2025-02-28
Title
Alloggio Membership < 1.2 - Authentication Bypass