The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/9e57285a-0023-4711-874c-6e7b3c2673d1 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/9e57285a-0023-4711-874c-6e7b3c2673d1 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/9e57285a-0023-4711-874c-6e7b3c2673d1 - Exploit, Third Party Advisory |
30 Nov 2022, 03:42
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://wpscan.com/vulnerability/9e57285a-0023-4711-874c-6e7b3c2673d1 - Exploit, Third Party Advisory |
28 Nov 2022, 14:47
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-28 14:15
Updated : 2024-11-21 07:19
NVD link : CVE-2022-3511
Mitre link : CVE-2022-3511
CVE.ORG link : CVE-2022-3511
JSON object : View
Products Affected
getawesomesupport
- awesome_support
CWE
No CWE.