Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 13 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-287 |
Mon, 13 Jul 2026 08:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-287 |
Sun, 12 Jul 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-287 |
Sat, 11 Jul 2026 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-287 CWE-522 |
Fri, 10 Jul 2026 05:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-287 CWE-522 |
Thu, 09 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 09 Jul 2026 07:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets. | |
| Title | WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Support Ticket Access via Session Cookie Forgery | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-07-09T14:44:24.978Z
Reserved: 2026-06-10T12:38:40.449Z
Link: CVE-2026-11875
Updated: 2026-07-09T14:44:16.582Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-13T21:00:04Z