Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/02/04 11:3 p.m.9 views

CVE-2024-0594

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpasgetusers action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS7.2AI score0.00628EPSS
Exploits0References1
patchstack
patchstack
added 2024/02/12 12:0 a.m.13 views

WordPress Awesome Support Plugin <= 6.1.7 is vulnerable to SQL Injection

Software Awesome Support Type Plugin Vulnerable versions = 6.1.7 Fixed in 6.1.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0594 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 63f2c5ccd5ea Credits Krzysztof Zając Required privilege Subscriber...

8.8CVSS6.8AI score0.00628EPSS
Exploits0References3Affected Software1
cve
cve
added 2024/02/10 6:51 a.m.81 views

CVE-2024-0594

CVE-2024-0594 affects the WordPress plugin Awesome Support (WPAS) for WordPress. The vulnerability is a union-based SQL Injection in the wpas_get_users action, exploitable via the q parameter due to insufficient escaping and poor query preparation. Authenticated attackers with subscriber-level ac...

8.8CVSS9AI score0.00628EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2024/02/10 6:51 a.m.18 views

CVE-2024-0594 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpasgetusers action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS7.2AI score0.00628EPSS
Exploits0References4
Rows per page
Query Builder