During independent security research conducted as part of the Wordfence Bug Bounty Program, we identified a broken access control vulnerability in the SupportCandy plugin for WordPress. SupportCandy is a helpdesk and customer support ticketing plugin that enables organisations to manage user-submitted support requests directly within their WordPress environment, including the ability to upload files and…
The post Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251) appeared first on Sentrium Security.
The post Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251) appeared first on Security Boulevard.
This article has been indexed from Security Boulevard
Read the original article: