Browse all 4 CVE security advisories affecting psmplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Psmplugins serves as a plugin management system for various applications, enabling extended functionality through third-party extensions. Historically, the project has been associated with multiple remote code execution vulnerabilities, often stemming from insecure deserialization and improper input validation. Cross-site scripting vulnerabilities have also been prevalent due to insufficient output encoding. The project has experienced privilege escalation issues where insufficient permission checks allowed unauthorized access to sensitive operations. While no major public security incidents have been documented, the consistent pattern of critical vulnerabilities in a core utility component makes psmplugins a significant consideration for security teams implementing third-party plugin systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1251 | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference — SupportCandy – Helpdesk & Customer Support Ticket SystemCWE-639 | 5.4 | Medium | 2026-01-31 |
| CVE-2026-0683 | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) SQL Injection via Number Field Filter — SupportCandy – Helpdesk & Customer Support Ticket SystemCWE-89 | 6.5 | Medium | 2026-01-31 |
| CVE-2025-10658 | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.7 - Authentication Bypass to Support Session Takeover — SupportCandy – Helpdesk & Customer Support Ticket SystemCWE-307 | 6.5 | Medium | 2025-09-20 |
| CVE-2024-13552 | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.0 - Insecure Direct Object Reference — SupportCandy – Helpdesk & Customer Support Ticket SystemCWE-285 | 4.3 | Medium | 2025-03-07 |
This page lists every published CVE security advisory associated with psmplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.