WordPress Plugin Vulnerabilities

Awesome Support < 6.1.6 - Missing Authorization via wpas_load_reply_history

Description

The Awesome Support plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpas_load_reply_history function in versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to load reply history.

Affects Plugins

Plugin icon
awesome-support
Fixed in 6.1.6

References

CVE
CVE-2023-51537
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7d713de0-40a4-4926-9942-e5e2bf7434c4

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Brandon James Roldan (tomorrowisnew)
Verified
No
WPVDB ID
716b3a19-1df8-40cd-b90c-1a964308c647

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-04 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2023-08-30
Title
Multiple Plugins from ServMask - Unauthenticated Access Token Update
Published
2024-05-03
Title
Import and export users and customers < 1.26.6 - Missing Authorization
Published
2024-03-15
Title
Word Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content Update
Published
2025-03-13
Title
Search and filter pro < 2.5.20 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exposure
Published
2024-04-22
Title
Data Tables Generator by Supsystic < 1.10.32 - Missing Authorization