Vulnerabilities > Getawesomesupport > Awesome Support
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-5355 | Path Traversal vulnerability in Getawesomesupport Awesome Support The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. | 8.1 |
| 2022-11-28 | CVE-2022-3511 | Unspecified vulnerability in Getawesomesupport Awesome Support The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector | 6.5 |
| 2021-11-26 | CVE-2021-36919 | Cross-site Scripting vulnerability in Getawesomesupport Awesome Support Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). | 3.5 |
| 2020-01-09 | CVE-2019-20181 | Cross-site Scripting vulnerability in Getawesomesupport Awesome Support The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter. | 4.8 |
| 2019-08-20 | CVE-2015-9318 | 7PK - Security Features vulnerability in Getawesomesupport Awesome Support The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. | 5.0 |
| 2019-08-20 | CVE-2015-9317 | Cross-site Scripting vulnerability in Getawesomesupport Awesome Support The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages. | 4.3 |