CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Nov 2022 — The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low-privileged user, such as a subscriber, to download arbitrary exported tickets via an IDOR vector. • https://wpscan.com/vulnerability/9e57285a-0023-4711-874c-6e7b3c2673d1 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Sep 2022 — Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerabilities in the Awesome Support plugin <= 6.0.7 for WordPress. The Awesome Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.0.7 due to insufficient input sanitiz... • https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Nov 2021 — Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). The "Awesome Support – WordPress HelpDesk & Support Plugin" plugin for WordPress is vulnerable to Reflected Cross-Sit... • https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-6-multiple-authenticated-reflected-cross-site-scripting-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Jan 2020 — The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter. The awesome-support plugin 6.0.13 and below for WordPress allows XSS via the post_title parameter. • https://medium.com/%40Pablo0xSantiago/cve-2019-20181-awesome-support-wordpress-helpdesk-support-plugin-5-8-0-84a0c022cf53 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 May 2015 — The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. • https://wordpress.org/plugins/awesome-support/#developers • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-254: 7PK - Security Features

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 May 2015 — The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages. • https://wordpress.org/plugins/awesome-support/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')