WordPress Awesome Support plugin <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticketid' Parameter vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Awesome Support versions = 6.3.7...

CVE-2023-49757 WordPress Awesome Support plugin <= 6.1.10 - Broken Access Control + CSRF vulnerability

Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through = 6.1.10...