CVE Catalog

CVE-2026-11590

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile — higher than 7% of all known CVEs

Summary

The WP Support Plus Responsive Ticket System WordPress plugin up to version 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

Risk Assessment

An attacker can gain unauthorized access to the WordPress database, steal sensitive data (e.g., user data, passwords), or modify site content.

Recommendation

Immediately update the plugin to the latest available version or remove it entirely if the vendor has not released a patch.

Original NVD description (English source)

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS