Unknown Awesome Support vulnerabilities

CVE-2023-5355 [HIGH] CWE-22 CVE-2023-5355: The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting tempora The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.

CVE-2023-5354 [MEDIUM] CWE-79 CVE-2023-5354: The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before ou The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE-2023-5352 [MEDIUM] CWE-863 CVE-2023-5352: The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply f The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.

CVE-2022-3511 [MEDIUM] CWE-639 CVE-2022-3511: The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector