CVE-2026-11875
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unaut
CVSS
5.3
Medium
EPSS
0.2%
p9
KEV
—
Exploit Today
3
0-100
Published: Jul 9, 2026 · Last modified: Jul 9, 2026
0.1%EPSS · 30 days0.2%
2026-07-092026-07-17
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets.
No related CVEs by CWE or product.