During independent security research conducted as part of the Wordfence Bug Bounty Program, we identified a broken access control vulnerability in the SupportCandy plugin for WordPress. SupportCandy is a helpdesk and customer support ticketing plugin that enables organisations to manage user-submitted support requests directly within their WordPress environment, including the ability to upload files and”¦
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2026/02/disclosure-supportcandy-ticket-attachment-idor-cve-2026-1251/
