WordPress Plugin Vulnerabilities

SupportCandy < 3.1.7 - Subscriber+ SQLi

Description

The plugin does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.

Proof of Concept

Affects Plugins

Plugin icon
supportcandy
Fixed in 3.1.7

References

CVE
CVE-2023-2719

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.7 (high)

Miscellaneous

Original Researcher
dc11
Submitter
dc11
Verified
Yes
WPVDB ID
d9f6f4e7-a237-49c0-aba0-2934ab019e35

Timeline

Publicly Published
2023-05-22 (about 2 years ago)
Added
2023-05-24 (about 2 years ago)
Last Updated
2023-05-24 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
WP Forum Server <= 1.7.3 - wpf-insert.php edit_post_id Parameter SQL Injection
Published
2025-10-08
Title
Community Events < 1.5.2 - Unauthenticated SQL Injection
Published
2023-11-23
Title
Porto Theme - Functionality < 2.12.1 - Unauthenticated SQL Injection
Published
2025-01-18
Title
Small Package Quotes – Worldwide Express Edition < 5.2.18 - Unauthenticated SQL Injection
Published
2025-03-31
Title
Advanced WooCommerce Product Sales Reporting <= 4.1.1 - Unauthenticated SQLi