Skip to main content

SupportCandy CVE-2026-57711

| EUVDEUVD-2026-43366 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-13 Patchstack
6.5
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
vuln.today AI
5.4 MEDIUM

AV:N and AC:L confirmed by web delivery; PR:L because ticket submission requires a user account; UI:R for admin to view ticket; S:C for browser scope change; A:N as XSS does not typically cause availability impact absent specific DoS behavior.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 13, 2026 - 11:21 vuln.today

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PSM Plugins SupportCandy supportcandy allows Stored XSS.This issue affects SupportCandy: from n/a through <= 3.4.8.

AnalysisAI

Stored cross-site scripting in the SupportCandy WordPress plugin (versions through 3.4.8) allows a low-privileged authenticated attacker to inject persistent malicious scripts that execute in the browser of any user - likely an administrator or support agent - who subsequently views the tainted content. The scope change (S:C in CVSS) reflects that injected script breaks out of the plugin's trust boundary and runs in the victim's full browser session, enabling session hijacking, credential theft, or unauthorized administrative actions. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Register or obtain low-privilege WordPress account
Delivery
Submit support ticket with embedded XSS payload
Exploit
Payload persisted to WordPress database
Execution
Admin or agent opens ticket in dashboard
Persist
Malicious script executes in victim browser
Impact
Attacker steals admin session or performs unauthorized actions

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold a low-privilege authenticated account in the WordPress or SupportCandy environment (PR:L per CVSS vector) - typically a registered site user or customer who can submit support tickets. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 score of 6.5 (Medium) is broadly appropriate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user - such as a registered WordPress customer or front-end support portal user - submits a new support ticket or reply containing a crafted JavaScript payload (e.g., a script tag or event handler in a text field) that the plugin fails to sanitize before storing. When a support agent or WordPress administrator opens the ticket in the admin dashboard, the stored script executes in their browser context, silently exfiltrating their session cookie or performing actions (such as creating a rogue admin account) on their behalf. …
Remediation Administrators should update the SupportCandy plugin to a version above 3.4.8 immediately; the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/supportcandy/vulnerability/wordpress-supportcandy-plugin-3-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve should be consulted for the specific patched release version, which was not explicitly stated in the available input data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57711 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy