Vulnerabilities in PSM Plugins
3 resultsCVE-2026-54826HIGHWordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.3%CVE-2026-25321MEDIUMWordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-67598MEDIUMWordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%