How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Awesome Support < 6.1.2 - Subscriber+ Arbitrary Exported Tickets Download

Description

The plugin does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector

Proof of Concept

As a low privilege user, open a ticket and export it (via the Profile page), then copy its download URL and change the file parameter to download other user ticket exports

https://example.com/wp-admin/profile.php?file=2&check=7311d87c18

Affects Plugins

awesome-support

Fixed in version 6.1.2

References

CVE

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

Miscellaneous

Original Researcher

dc11

Submitter

dc11

Verified

Yes

WPVDB ID

9e57285a-0023-4711-874c-6e7b3c2673d1

Timeline

Publicly Published

2022-11-07 (about 4 months ago)

Added

2022-11-07 (about 4 months ago)

Last Updated

2022-11-07 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin