CVE-2026-11875
EUVD-2026-4251009.07.2026, 07:16
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.