WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48323

8.8HIGH

Key Information:

Vendor
Wordpress
Vendor
CVE Published:
30 November 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Awesome Support – WordPress HelpDesk & Support Plugin. This weakness allows attackers to manipulate users into executing unwanted actions on a web application where they are authenticated. The vulnerability impacts versions from n/a up to 6.1.4, making it critical for users to update their plugin to secure their WordPress installations against potential exploits.

Affected Version(s)

Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.4

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

thiennv (Patchstack Alliance)
.