WordPress Plugin Vulnerabilities

Awesome Support – WordPress HelpDesk & Support Plugin < 6.1.8 - Missing Authorization via wpas_get_users()

Description

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails.

Affects Plugins

Plugin icon
awesome-support
Fixed in 6.1.8

References

CVE
CVE-2024-0595
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Verified
No
WPVDB ID
2822565b-7439-4e11-8450-91b9cea6179c

Timeline

Publicly Published
2024-02-09 (about 2 years ago)
Added
2024-02-09 (about 2 years ago)
Last Updated
2024-02-09 (about 2 years ago)

Other

Published
Title
Published
2025-10-05
Title
Testimonial Slider <= 2.0.15 - Missing Authorization
Published
2024-10-11
Title
Read more By Adam <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Read More Button Deletion
Published
2026-01-18
Title
Hyyan WooCommerce Polylang Integration <= 1.5.0 - Missing Authorization
Published
2023-09-01
Title
Surfer < 1.3.3.379 - Missing Authorization
Published
2023-10-25
Title
WP Word Count <= 3.2.4 - Missing Authorization via calculate_statistics