
192 matches found

Patchstack
added 2024/10/01 3:42 a.m. · 4 views

WordPress KB Support plugin <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions vulnerability

Missing Authorization to Authenticated Subscriber+ Multiple Administrator Actions vulnerability discovered by Krzysztof Zając in WordPress Plugin KB Support versions <= 1.6.6...

CVSS 8.1 · AI score 7 · EPSS 0.00358
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/10/01 12:0 a.m. · 5 views

PT-2024-39087 · WordPress · The Kb Support – Wordpress Help Desk/Knowledge Base

Name of the Vulnerable Software and Affected Versions: The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress versions up to, and including, 1.6.6. Description: The issue is related to a missing capability check on several functions, allowing authenticated attackers with...

CVSS 8.1 · AI score 7.2 · EPSS 0.00358
Exploits: 0 · References: 23

OSV
added 2024/09/13 9:47 a.m. · 19 views

RHSA-2016:0426 Red Hat Security Advisory: redhat-support-plugin-rhev security, bug fix and enhancement update

Bulletin has no description...

CVSS 9.1 · AI score 9.3 · EPSS 0.03438
Exploits: 0 · References: 9

Patchstack
added 2024/07/18 12:0 a.m. · 12 views

WordPress SVG Support Plugin <= 2.5.7 is vulnerable to Cross Site Scripting (XSS)

Software: SVG Support · Type: Plugin · Vulnerable versions: <= 2.5.7 · Fixed in: 2.5.8 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-6708 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: e6c8d6f3f3e9 · Credits: Nathanial Lattimer d0nut...

CVSS 5.4 · AI score 5.8 · EPSS 0.00339
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/06/10 7:41 a.m. · 21 views

CVE-2024-35741 WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7...

CVSS 4.3 · EPSS 0.00299
Exploits: 0 · References: 1

NVD
added 2024/05/17 7:15 a.m. · 12 views

CVE-2023-25444

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7...

CVSS 9.1 · AI score 9.3 · EPSS 0.00668
Exploits: 0 · References: 1

Cvelist
added 2024/05/17 6:35 a.m. · 21 views

CVE-2023-25444 WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7...

CVSS 9.1 · AI score 9.3 · EPSS 0.00668
Exploits: 0 · References: 1

Patchstack
added 2024/04/25 2:43 p.m. · 5 views

WordPress KB Support plugin <= 1.6.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin KB Support versions <= 1.6.0...

CVSS 6.5 · AI score 7 · EPSS 0.00466
Exploits: 0 · Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. · 12 views

Awesome Support < 6.1.8 - Missing Authorization

Description: The Awesome Support plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 6.1.7. This makes it possible for unauthenticated attackers to perform unauthorized actions...

CVSS 9.8 · AI score 6.4 · EPSS 0.00402
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/03/12 12:0 a.m. · 19 views

Awesome Support < 6.1.7 - Insufficient Authorization via wpas_can_delete_attachments()

Description: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check in the wpas_can_delete_attachments function in all versions up to, and including 6.1.6. This makes it possible for...

CVSS 5.4 · AI score 6.7 · EPSS 0.00314
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/02/10 7:15 a.m. · 5 views

CVE-2024-0595

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.8 · EPSS 0.00429
Exploits: 0 · References: 3

OSV
added 2024/02/10 7:15 a.m. · 2 views

CVE-2024-0596

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...

CVSS 5.3 · AI score 7.3 · EPSS 0.004
Exploits: 0 · References: 2

Prion
added 2024/02/10 7:15 a.m. · 18 views

SQL injection

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 6.5 · AI score 7.5 · EPSS 0.00628
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2024/02/10 6:51 a.m. · 77 views

CVE-2024-0595

CVE-2024-0595 concerns the Awesome Support – WordPress HelpDesk & Support Plugin. The issue is an unauthorized access vulnerability caused by a missing capability check in the wpas_get_users() function, triggered via AJAX, affecting all versions up to and including 6.1.7. The impact, as documente...

CVSS 4.3 · AI score 6.6 · EPSS 0.00429
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/02/10 6:51 a.m. · 18 views

CVE-2024-0596 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via editor_html()

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...

CVSS 5.3 · AI score 6.6 · EPSS 0.004
Exploits: 0 · References: 2

Cvelist
added 2024/02/10 6:51 a.m. · 19 views

CVE-2024-0594 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 8.8 · AI score 8.9 · EPSS 0.00628
Exploits: 0 · References: 4

CNNVD
added 2024/02/10 12:0 a.m. · 5 views

WordPress Plugin Awesome Support Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plug-in. A security vulnerability exists in WordPre...

CVSS 5.3 · AI score 6.5 · EPSS 0.004
Exploits: 0 · References: 3

Patchstack
added 2024/01/31 12:0 a.m. · 12 views

WordPress Awesome Support Plugin <= 6.1.6 is vulnerable to Broken Access Control

Software: Awesome Support · Type: Plugin · Vulnerable versions: <= 6.1.6 · Fixed in: 6.1.7 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-24716 · Patch priority: Low · CVSS severity: Low (5.4) · PSID: 13167e6776cb · Credits: Brandon Roldan · Required...

CVSS 5.4 · AI score 6.6 · EPSS 0.00314
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2024/01/05 11:15 a.m. · 20 views

CVE-2022-46839

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1...

CVSS 10 · AI score 9.6 · EPSS 0.00827
Exploits: 0 · References: 1

Prion
added 2024/01/05 11:15 a.m. · 14 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1...

CVSS 7.5 · AI score 7.2 · EPSS 0.00827
Exploits: 0 · References: 1 · Affected Software: 1