SupportCandy – Helpdesk & Customer Support Ticket System

Vulnerabilities 17Slug supportcandyLatest version 3.4.6WordPress.org →

Minimum safe version

3.4.5

Update to 3.4.5 or later to address 17 fixable vulnerabilities

Latest available3.4.6 ✓

Medium 5.4

2026-01-31< 3.4.5

SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference

EUVD Wordfence CVE

Medium 6.5

2026-01-31< 3.4.5

SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) SQL Injection via Number Field Filter

EUVD Wordfence CVE

Medium 5.3

2026-02-19< 3.4.5

CVE-2026-25321

CVE Wordfence

Medium 4.3

2025-12-09< 3.4.2

CVE-2025-67598

CVE Wordfence

Medium 6.5

2025-09-20< 3.3.8

CVE-2025-10658

CVE EUVD Wordfence

Medium 4.3

2025-03-07< 3.3.1

CVE-2024-13552

CVE EUVD Patchstack Wordfence

Medium 6.5

2024-03-21< 3.2.4

CVE-2024-27991

CVE Wordfence Patchstack WPScan

N/A

2023-03-28< 3.1.4

SupportCandy <= 3.1.3 - Sensitive Data Exposure

Wordfence

High 8.8

2023-06-19< 3.1.7

CVE-2023-2719

CVE Patchstack Wordfence WPScan

High 7.2

2023-06-19< 3.1.7

CVE-2023-2805

CVE Patchstack Wordfence WPScan

Critical 9.8

2023-05-02< 3.1.5

CVE-2023-1730

CVE Patchstack Wordfence WPScan

Critical 9.8

2019-04-18< 2.0.1

CVE-2019-11223

CVE Patchstack Wordfence WPScan

Medium 5.4

2022-02-07< 2.2.7

CVE-2021-24880

CVE Patchstack Wordfence WPScan

High 8.8

2022-02-07< 2.2.7

CVE-2021-24879

CVE Patchstack Wordfence WPScan

Medium 6.1

2022-02-07< 2.2.7

CVE-2021-24878

CVE Patchstack Wordfence WPScan

Medium 6.5

2022-02-07< 2.2.7

CVE-2021-24843

CVE Patchstack Wordfence WPScan

High 7.5

2022-02-07< 2.2.7

CVE-2021-24839

CVE Patchstack Wordfence WPScan