Vulnerabilities > Supportcandy > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2023-05-02 | CVE-2023-1730 | Unspecified vulnerability in Supportcandy
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.
network | low complexity | supportcandy | critical | 9.8

2019-04-18 | CVE-2019-11223 | Unrestricted Upload of File with Dangerous Type vulnerability in Supportcandy
An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
network | low complexity | supportcandy | CWE-434 | critical | 9.8