CVE-2024-0596

Published Feb 10, 2024

Last updated 22 days ago

CVSS medium 5.3

Overview

Description
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. CVE-2024-35741 is likely a duplicate of this issue.
Source
security@wordfence.com
NVD status
Modified
Products
awesome_support

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-862
nvd@nist.gov
CWE-862

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.7.CVE-2023-49857
  2. Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.10.CVE-2023-49757
  3. Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.4.CVE-2023-48324
  4. Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7.CVE-2024-35741
  5. Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6.CVE-2024-24716

References

Sources include official advisories and independent security research.