HIGH
PSM Plugins
CVE published 2026-06-26
CVE-2026-54826
CVE-2026-54826 is a HIGH-severity vulnerability in SupportCandy plugin versions <= 3.4.6, allowing Subscriber Insecure Direct Object References (IDOR). The CVSS score is 7.6. The vulnerability was published on 2026-06-26T15:16:40.350Z and last modified on 2026-06-29T18:16:37.700Z. The CVE record and NVD detail pages provide official information. A mitigation reference from Patchstack is available.