WordPress Plugin Vulnerabilities
Awesome Support < 6.1.2 - Subscriber+ Arbitrary Exported Tickets Download
Description
The plugin does not ensure that the exported tickets archive being downloaded belongs to the user making the request, allowing a low-privileged user, such as a subscriber, to download arbitrary exported tickets via an IDOR vector.
Proof of Concept
As a low-privileged user, open a ticket and export it (via the Profile page), then copy its download URL and change the file parameter to download other users' ticket exports: https://example.com/wp-admin/profile.php?file=2&check=7311d87c18
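The missing control described above is an ownership check between the requested file and the requesting user. The following is an added example, not code from the Awesome Support plugin: a minimal WordPress download handler that resolves the `file` parameter to an export record and serves it only if the current user owns it (or holds a privileged capability). The function names, the `ticket_export` post type, the `_export_path` meta key and the `manage_ticket_exports` capability are assumptions made for illustration.

```php
<?php
/**
 * Added example, not code from the Awesome Support plugin: a minimal
 * WordPress download handler that binds an exported-tickets archive to the
 * user who requested it. Names (hypothetical_* functions, the 'ticket_export'
 * post type, the '_export_path' meta key, the 'manage_ticket_exports'
 * capability) are assumptions for illustration.
 */

// Resolve the export record and return its filesystem path only when the
// given user owns it (or holds the privileged capability). Returns WP_Error
// otherwise so the caller decides how to respond.
function hypothetical_locate_owned_export( $file_id, $user_id ) {
    $export = get_post( absint( $file_id ) );

    // Unknown ID or a post of a different type: treat as not found.
    if ( ! $export || 'ticket_export' !== $export->post_type ) {
        return new WP_Error( 'not_found', 'Export not found.', array( 'status' => 404 ) );
    }

    // The ownership check an IDOR-prone handler omits: the record's author
    // must be the requesting user unless that user is privileged.
    $is_owner = (int) $export->post_author === (int) $user_id;
    if ( ! $is_owner && ! user_can( $user_id, 'manage_ticket_exports' ) ) {
        // Answer 404 rather than 403 so the handler does not confirm that
        // another user's export exists.
        return new WP_Error( 'not_found', 'Export not found.', array( 'status' => 404 ) );
    }

    $path = get_post_meta( $export->ID, '_export_path', true );
    if ( empty( $path ) || ! is_readable( $path ) ) {
        return new WP_Error( 'not_found', 'Export not found.', array( 'status' => 404 ) );
    }
    return $path;
}

// Request entry point: login, then nonce (proves the link was issued by this
// site for this user and this file ID), then ownership, then stream the archive.
function hypothetical_serve_ticket_export() {
    if ( ! isset( $_GET['file'], $_GET['check'] ) ) {
        return;
    }
    if ( ! is_user_logged_in() ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // The nonce action includes the file ID, so a token minted for one export
    // does not verify once the 'file' value is changed.
    $file_id = absint( $_GET['file'] );
    $check   = sanitize_text_field( wp_unslash( $_GET['check'] ) );
    if ( ! wp_verify_nonce( $check, 'download_ticket_export_' . $file_id ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    $path = hypothetical_locate_owned_export( $file_id, get_current_user_id() );
    if ( is_wp_error( $path ) ) {
        wp_die( esc_html( $path->get_error_message() ), '', array( 'response' => 404 ) );
    }

    nocache_headers();
    header( 'Content-Type: application/zip' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}
add_action( 'admin_init', 'hypothetical_serve_ticket_export' );
```

The design point is that the two checks answer different questions and neither replaces the other. A nonce or similar request token (which is what the `check` parameter in the PoC URL resembles) only shows that the request originated from a page the site rendered for this user; it says nothing about which records that user is entitled to read, which is exactly the gap an IDOR exploits. Binding the file ID into the nonce action closes the parameter-swap route, and the author comparison in `hypothetical_locate_owned_export` enforces the authorization rule itself.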
Classification
Type
IDOR
Miscellaneous
Original Researcher
dc11
Submitter
dc11
Verified
Yes
Timeline
Publicly Published
2022-11-07
Added
2022-11-07
Last Updated
2022-11-07