WordPress Plugin Vulnerabilities

Awesome Support < 6.1.11 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
awesome-support
Fixed in 6.1.11

References

CVE
CVE-2023-49757
URL
https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
19b57950-ceee-4d3e-96a3-7de64df24f9a

Timeline

Publicly Published
2023-12-04 (about 2 years ago)
Added
2023-12-09 (about 2 years ago)
Last Updated
2024-03-20 (about 2 years ago)

Other

Published
Title
Published
2019-06-15
Title
Real Estate Manager < 7.0 - Subscriber+ Settings Update
Published
2025-04-04
Title
StaffList <= 3.2.6 - Missing Authorization
Published
2024-04-25
Title
EPROLO Dropshipping < 1.7.2 - Missing Authorization
Published
2023-04-25
Title
Stream < 3.9.3 - Missing Authorization via load_alerts_settings
Published
2025-10-13
Title
TheGem Demo Import (for WPBakery) < 5.10.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion