Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:1 p.m.8 views

CVE-2022-3511

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...

6.5CVSS6.8AI score0.00699EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/11/28 1:47 p.m.35 views

CVE-2022-3511 Awesome Support < 6.1.2 - Subscriber+ Arbitrary Exported Tickets Download

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...

6.6AI score0.00699EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/11/28 1:47 p.m.7 views

CVE-2022-3511 Awesome Support < 6.1.2 - Subscriber+ Arbitrary Exported Tickets Download

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...

7AI score0.00699EPSS
Exploits1References1
CVE
CVE
added 2022/11/28 1:47 p.m.64 views

CVE-2022-3511

The CVE-2022-3511 entry concerns the WordPress plugin Awesome Support (versions prior to 6.1.2). The issue is an IDOR flaw where the exported tickets archive download can be accessed by low-privilege users (e.g., subscribers) who do not own the requested ticket, enabling arbitrary ticket download...

6.5CVSS6.4AI score0.00699EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder