CVE-2026-54826

HIGH7.6JSON export Create alert

Description

Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Affected products

PSM Plugins / SupportCandyn/a – 3.4.6

References

MISChttps://patchstack.com/database/wordpress/plugin/supportcandy/vulnerability/wordpress-supportcandy-plugin-3-4-6-insecure-direct-object-references-idor-vulnerability?_s_id=cve