CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54289 – WordPress Awesome Support plugin <= 6.3.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-54289
11 Dec 2024 — Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.3.0. The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ... • https://patchstack.com/database/wordpress/plugin/awesome-support/vulnerability/wordpress-awesome-support-plugin-6-3-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24716 – WordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24716
12 Mar 2024 — Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6. Vulnerabilidad de autorización faltante en el equipo de soporte de Awesome Awesome Support. Este problema afecta a Awesome Support: desde n/a hasta 6.1.6. The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check in the wpas_can_delete_attachments() function in al... • https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability-3?_s_id=cve • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49757 – WordPress Awesome Support plugin <= 6.1.10 - Broken Access Control + CSRF vulnerability
https://notcve.org/view.php?id=CVE-2023-49757
04 Dec 2023 — Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.10. The Awesome Support plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 6.1.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/awesome-support/vulnerability/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48324 – WordPress Awesome Support HelpDesk plugin <= 6.1.4 - Broken Access control vulnerability
https://notcve.org/view.php?id=CVE-2023-48324
23 Nov 2023 — Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.4. The Awesome Support plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpas_edit_reply_ajax() function in versions up to, and including, 6.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to edi... • https://patchstack.com/database/wordpress/plugin/awesome-support/vulnerability/wordpress-awesome-support-helpdesk-plugin-6-1-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •