Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4.
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.
CVSS: 4.3 | AI Score: 4.6 | EPSS: 0.0004
The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin.
CVSS: 6.1 | AI Score: 6 | EPSS: 0.0005
The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.
CVSS: 8.1 | AI Score: 8 | EPSS: 0.0005