CVE-2024-0596 — Missing Authorization in Awesome Support

CWE-862 — Missing Authorization3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 65.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Getawesomesupport Awesome Support Awesomesupport Awesome Support Wordpress Helpdesk Support Plugin

Timeline

PublishedFeb 10

Description

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. CVE-2024-35741 is likely a duplicate of this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5awesomesupport/awesome_support_wordpress_helpdesk_support_plugin6.1.7

▶NVDgetawesomesupport/awesome_support< 6.1.8

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-62c8-7p5q-m59c: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capabilit↗2024-02-10

▶

CVEList

Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via editor_html()↗2024-02-10

▶