The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts.
References
Configurations
History
16 Feb 2024, 21:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve - Third Party Advisory | |
CPE | cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:* | |
First Time |
Getawesomesupport awesome Support
Getawesomesupport |
|
CWE | CWE-862 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
10 Feb 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-10 07:15
Updated : 2024-06-10 13:15
NVD link : CVE-2024-0596
Mitre link : CVE-2024-0596
CVE.ORG link : CVE-2024-0596
JSON object : View
Products Affected
getawesomesupport
- awesome_support
CWE
CWE-862
Missing Authorization