Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Unknown | WP Support Plus Responsive Ticket System | unknown |
|
No data.
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 30 Jun 2026 07:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. | |
| Title | WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated SQL Injection via filter[elements] Array Keys | |
| References |
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-06-30T06:00:01.843Z
Reserved: 2026-06-08T13:39:48.524Z
Link: CVE-2026-11590
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-30T09:00:05Z
No weakness.