Vulnerability in Wp Support Plus Responsive Ticket System

CVE-2026-11590

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

EPSS: 0.002 (7.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected products

  • Unknown Wp Support Plus Responsive Ticket System — versions 0

References

Frequently asked questions

What is CVE-2026-11590?
CVE-2026-11590 is a high-severity vulnerability in Wp Support Plus Responsive Ticket System, classified under CWE-89 SQL INJECTION. CVSS score: 8.6/10. Published 2026-06-30.
How severe is CVE-2026-11590?
High severity. CVSS v3 base score is 8.6 out of 10.