Missing Authorization Vulnerability Affects Awesome Support
CVE-2024-30539

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Awesome Support
Vendor: CVE Published:; 9 June 2024

Summary

The Awesome Support Plugin suffers from a missing authorization vulnerability, which allows unauthorized users to access sensitive functions within the plugin. This flaw poses serious security risks, enabling potential exploitation by malicious actors. The issue affects versions of the plugin prior to 6.1.7, making it crucial for users to implement the necessary updates to safeguard their applications from unauthorized access and potential data breaches.

Affected Version(s)

Awesome Support <= 6.1.7

References

https://patchstack.com/database/vulnerability/awesome-sup...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

Khalid (Patchstack Alliance)