PT-2026-56700 · Undefined · Undefined

Kartik Sharma

·

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-11875

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-11875

Affected Products

Undefined