CVE-2026-11590
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
The WP Support Plus Responsive Ticket System WordPress plugin up to version 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
Risk Assessment
An attacker can gain unauthorized access to the WordPress database, steal sensitive data (e.g., user data, passwords), or modify site content.
Recommendation
Immediately update the plugin to the latest available version or remove it entirely if the vendor has not released a patch.
Original NVD description (English source)
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

