Awesome Support < 6.0.8 – Authenticated Stored XSS | CVE 2022-38073

Affects Plugins

awesome-support

Fixed in 6.0.8

References

CVE

CVE-2022-38073

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Vlad Vector

Verified

No

WPVDB ID

59c5dda1-e115-4634-aa40-89c3f0032bb3

Timeline

Publicly Published

2022-09-14 (about 3 years ago)

Added

2022-09-21 (about 3 years ago)

Last Updated

2022-09-21 (about 3 years ago)

Other

Published

Title

Published

2023-02-15

Title

WP BaiDu Submit <= 1.2.1 - Admin+ Stored XSS

Published

2021-12-13

Title

Share One Drive < 1.15.3 - Reflected Cross-Site Scripting

Published

2025-08-25

Title

Responsive Mobile-Friendly Tooltip <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-01-06

Title

WP Youtube Gallery < 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

Published

2020-10-29

Title

WordPress < 5.5.2 - Stored XSS in Post Slugs