Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Network-reachable with no prerequisites; integrity impact added (I:L) because attackers can reply to and close tickets beyond read access.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets.
AnalysisAI
Cookie forgery in WP Support Plus Responsive Ticket System (WordPress plugin ≤9.1.2) allows unauthenticated network attackers to impersonate any guest ticket owner by crafting an unsigned guest-session cookie containing the victim's email address, then reading, replying to, and closing that user's support tickets. The plugin fails to sign or verify its guest-session cookie, making the trust boundary between guest sessions trivially bypassable. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The WP Support Plus Responsive Ticket System plugin must be installed and active on a WordPress site with the guest (unauthenticated) ticket submission feature in use - this is the standard deployment mode for the plugin. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD-assigned CVSS 5.3 Medium vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) captures the network-reachable, unauthenticated nature of the flaw but understates the integrity dimension: attackers can also reply to and close tickets, actions the C:L/I:N rating omits. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who knows or enumerates a target user's email address constructs an HTTP request to the WordPress site with a crafted guest-session cookie bearing that email, requiring no credentials or prior interaction. The plugin accepts the cookie at face value, granting the attacker full read and write access to that user's support tickets - potentially exposing sensitive communications, allowing injection of misleading replies, or suppressing tickets by closing them. … |
| Remediation | No vendor-released patched version has been identified at time of analysis - the WPScan advisory at https://wpscan.com/vulnerability/1c69692e-5d0c-42cf-9b3d-b722f2ba4231/ should be consulted for updates. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulner
Stored cross-site scripting in the WP Support Plus Responsive Ticket System WordPress plugin (all versions through 9.1.2
Unauthenticated SQL injection in the WP Support Plus Responsive Ticket System WordPress plugin (all versions through 9.1
A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Tick
The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. Rated medium severity
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42510
GHSA-rwf6-mm98-7hfq