4 matches found
CVE-2024-0594
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpasgetusers action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress Awesome Support Plugin <= 6.1.7 is vulnerable to SQL Injection
Software Awesome Support Type Plugin Vulnerable versions = 6.1.7 Fixed in 6.1.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0594 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 63f2c5ccd5ea Credits Krzysztof Zając Required privilege Subscriber...
CVE-2024-0594
CVE-2024-0594 affects the WordPress plugin Awesome Support (WPAS) for WordPress. The vulnerability is a union-based SQL Injection in the wpas_get_users action, exploitable via the q parameter due to insufficient escaping and poor query preparation. Authenticated attackers with subscriber-level ac...
CVE-2024-0594 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpasgetusers action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...