๐Ÿ” CVE Alert

CVE-2026-11875

MEDIUM 5.3

WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Support Ticket Access via Session Cookie Forgery

CVSS Score
5.3
EPSS Score
0.1%
EPSS Percentile
3th

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets.

Vendor unknown
Product wp support plus responsive ticket system
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for unknown wp support plus responsive ticket system

Be the first to know when new medium vulnerabilities affecting unknown wp support plus responsive ticket system are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / WP Support Plus Responsive Ticket System
0 โ‰ค 9.1.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/1c69692e-5d0c-42cf-9b3d-b722f2ba4231/

Credits

Kartik sharma WPScan