Launchpad.net

CVE 2016-11012

The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.

See the CVE page on Mitre.org for more details.