CVE-2026-11590 | The WP Support Plus Responsive Ticket System WordPress plugi…

Description

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

Metadata

CVE ID: CVE-2026-11590
State: PUBLISHED
Assigner: WPScan
Reserved: 2026-06-08 13:39 UTC
Published: 2026-06-30 06:00 UTC
Last updated: 2026-06-30 06:00 UTC
Vendor / Product: Unknown / WP Support Plus Responsive Ticket System
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
Unknown	WP Support Plus Responsive Ticket System	—	0 ≤ 9.1.2

Weakness (CWE)

CWE	Source	Description
—	cna	CWE-89 SQL Injection

References (1)

https://wpscan.com/vulnerability/117853ca-0fd3-4bfa-ad60-799eb5c77bdf/