CVE-2026-11875
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unaut
CVSS
5.3
Medio
EPSS
0.2%
p9
KEV
—
Exploit Today
3
0-100
Publicado: 9 jul 2026 · Última mod.: 9 jul 2026
0.1%EPSS · 30 días0.2%
2026-07-092026-07-17
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets.
Sin CVEs relacionados por CWE o producto.