WordPress Awesome Support plugin <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticketid' Parameter vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Awesome Support versions = 6.3.7...

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin for WordPress is affected by an Insecure Direct Object Reference in versions up to and including 6.3.7. The vulnerability stems from wpas_get_ticket_replies_ajax() not verifying that the authenticated user has permission to view the reques...

WordPress plugin Awesome Support – WordPress HelpDesk & Support Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-31110

Name of the Vulnerable Software and Affected Versions The Awesome Support – WordPress HelpDesk & Support Plugin versions up to and including 6.3.7 Description The Awesome Support – WordPress HelpDesk & Support Plugin is susceptible to an Insecure Direct Object Reference issue. The wpas get ticket...

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.1.7 - Missing Authorization via editor_html() vulnerability

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin = 6.1.7 - Missing Authorization via editorhtml vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Awesome Support versions = 6.1.7...

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin = 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability discovered by shark3y in WordPress Plugin Awesome Support versions = 6.3.6...

CVE-2025-12641

CVE-2025-12641 affects the Awesome Support – WordPress HelpDesk & Support Plugin for WordPress (versions up to 6.3.6). The vulnerability is an authorization bypass caused by missing capabilities checks in wpas_do_mr_activate_user and a nonce namespace issue that allows unauthenticated attackers t...

EUVD-2019-10735

Malware in sbrugna...

EUVD-2021-23495

Malware in sbrugna...

EUVD-2015-9158

Malware in sbrugna...

EUVD-2023-56250

Malicious code in bioql PyPI...

EUVD-2023-53765

Malicious code in bioql PyPI...

EUVD-2025-30555

Malicious code in bioql PyPI...

EUVD-2024-52413

Malicious code in bioql PyPI...

EUVD-2024-22115

Malicious code in bioql PyPI...

EUVD-2024-28459

Malicious code in bioql PyPI...

EUVD-2023-56249

Malicious code in bioql PyPI...

EUVD-2025-27453

Malicious code in bioql PyPI...

EUVD-2023-52379

Malicious code in bioql PyPI...