Cross-Site Request Forgery Vulnerability in SupportCandy Plugin by PatchStack
CVE-2025-67598
4.3MEDIUM
What is CVE-2025-67598?
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the SupportCandy WordPress plugin, allowing potential attackers to perform unauthorized actions on behalf of authenticated users. This vulnerability arises due to insufficient validation of requests, potentially compromising user data and leading to unauthorized access. It is critical that users running versions up to and including 3.4.1 take immediate steps to mitigate risks by updating to the latest secure version.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
SupportCandy <= n/a
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
daroo | Patchstack Bug Bounty Program