CVE-2026-11875
WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Support Ticket Access via Session Cookie Forgery
CVSS Score
5.3
EPSS Score
0.1%
EPSS Percentile
3th
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets.
| Vendor | unknown |
| Product | wp support plus responsive ticket system |
| Published | Jul 9, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown wp support plus responsive ticket system
Be the first to know when new medium vulnerabilities affecting unknown wp support plus responsive ticket system are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / WP Support Plus Responsive Ticket System
0 โค 9.1.2
References
Credits
Kartik sharma WPScan