This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**SQL Injection Vulnerability**: The SupportCandy plugin fails to properly escape user input when handling 'number type' custom field filters, allowing authenticated users to inject malicious SQL statements.…
**Root Cause**: CWE-89 (SQL Injection). In `class-wpsc-cf-number.php`, numeric values for equality operators are not escaped, and SQL queries do not use prepared statements.…
**No Public PoC**: No executable proof-of-concept code is provided in the reference links. There is no evidence of in-the-wild exploitation (no attack reports or samples found).
Q7 How to self-check? (Features/Scanning)
**Self-Check Method**: Verify whether the SupportCandy plugin is installed and its version is ≤ 3.4.4. Scan files: `class-wpsc-cf-number.php` (L371) and `class-wpsc-ticket-list.php` (L1265, L1288) for unescaped SQL concatenation.
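The self-check above can be scripted. The following is an added example, not code from the analysis or from the plugin: it reads the version from a standard WordPress plugin header and flags PHP lines that concatenate a variable into a SQL-looking string. The regex heuristics and the sample inputs are constructed assumptions, and hits are leads for manual review, not findings.

```python
import re

AFFECTED_MAX = (3, 4, 4)  # from the page: SupportCandy versions <= 3.4.4

def plugin_version(main_file_text):
    """Parse 'Version: x.y.z' from a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#]*Version:\s*(\d+(?:\.\d+)*)", main_file_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """True for versions <= 3.4.4; an unreadable version is treated as affected."""
    if version is None:
        return True
    padded = version + (0,) * (3 - len(version))  # (3, 4) compares as 3.4.0
    return padded <= AFFECTED_MAX

# Heuristic patterns (assumptions of this example, expect false positives/negatives).
LITERAL = re.compile(r"'[^']*'|\"[^\"]*\"")
CONCAT = re.compile(r"['\"]\s*\.\s*\$\w+|\$\w+(?:\[[^\]]*\])?\s*\.\s*['\"]")
SQLISH = re.compile(r"\b(?:SELECT|WHERE|AND|OR|IN|LIKE|BETWEEN)\b|[<>=]", re.I)
GUARDED = re.compile(
    r"prepare\s*\(|esc_sql\s*\(|intval\s*\(|absint\s*\(|floatval\s*\(|\(\s*(?:int|float)\s*\)",
    re.I,
)

def find_sql_concat(php_source):
    """Return (line_no, text) for lines that splice a PHP variable into a
    SQL-looking string literal with no prepare()/escape/cast on that line."""
    hits = []
    for no, line in enumerate(php_source.splitlines(), 1):
        literals = " ".join(LITERAL.findall(line))
        if CONCAT.search(line) and SQLISH.search(literals) and not GUARDED.search(line):
            hits.append((no, line.strip()))
    return hits

# Constructed sample input, not taken from the plugin.
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: SupportCandy\n * Version: 3.4.4\n */\n"
SAMPLE_PHP = """<?php
$label = 'Ticket ' . $id;
$where = 't.' . $slug . ' = ' . $val;
$where = $wpdb->prepare( 't.' . $slug . ' = %d', $val );
"""

if __name__ == "__main__":
    v = plugin_version(SAMPLE_HEADER)
    print("version", v, "affected" if is_affected(v) else "not affected")
    for no, text in find_sql_concat(SAMPLE_PHP):
        print(f"review line {no}: {text}")
```

To use it on a real install, pass in the text of the plugin's main PHP file and of the two files named above.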
Q8 Is it fixed officially? (Patch/Mitigation)
**No Official Patch**: According to available data, no patch has been released. However, upgrade to the latest version if a fixed release exists.…
**High Priority**: CVSS 7.5 (H/C). Authenticated users can read sensitive data. While data destruction is not possible, the risk of information leakage is extremely high.…