SupportCandy
PSM Plugins
Developer
3.4.1
Latest version
10,000
Installations
Oct 8, 2025
Last updated
Vulnerability history
0 present
12 fixed
6 Mitigation rules
- Authentication Bypass to Support Session Takeover vulnerability<= 3.3.7Sep 20, 2025
- Insecure Direct Object Reference vulnerability<= 3.3.0Mar 6, 2025
- Cross Site Scripting (XSS) vulnerability<= 3.2.3Mar 15, 2024
- Subscriber+ SQLi vulnerability< 3.1.7Jun 19, 2023
- Admin+ SQLi vulnerability< 3.1.7Jun 19, 2023
- Unauthenticated SQLi vulnerability< 3.1.5Apr 13, 2023
- Stored Cross-Site Scripting (XSS) vulnerability<= 2.2.6Jan 5, 2022
- Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)<= 2.2.6Jan 5, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.2.6Jan 5, 2022
- Arbitrary Ticket Deletion via Cross-Site Request Forgery (CSRF) vulnerability<= 2.2.6Jan 5, 2022
- Unauthenticated Arbitrary Ticket Deletion vulnerability<= 2.2.4Jan 5, 2022
- Arbitrary File Upload vulnerability<= 2.0.0Apr 17, 2019