Vulnerabilities > Getawesomesupport

DATE CVE VULNERABILITY TITLE RISK
2023-11-06 CVE-2023-5355 Path Traversal vulnerability in Getawesomesupport Awesome Support
The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.
network
low complexity
getawesomesupport CWE-22
8.1
2022-11-28 CVE-2022-3511 Unspecified vulnerability in Getawesomesupport Awesome Support
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector
network
low complexity
getawesomesupport
6.5
2022-09-21 CVE-2022-38073 Cross-site Scripting vulnerability in Getawesomesupport Awesome Support
Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.
network
low complexity
getawesomesupport CWE-79
5.4
2021-11-26 CVE-2021-36919 Cross-site Scripting vulnerability in Getawesomesupport Awesome Support
Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee).
network
low complexity
getawesomesupport CWE-79
5.4
2020-01-09 CVE-2019-20181 Cross-site Scripting vulnerability in Getawesomesupport Awesome Support
The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter.
network
low complexity
getawesomesupport CWE-79
4.8
2019-08-20 CVE-2015-9318 7PK - Security Features vulnerability in Getawesomesupport Awesome Support
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.
network
low complexity
getawesomesupport CWE-254
7.5
2019-08-20 CVE-2015-9317 Cross-site Scripting vulnerability in Getawesomesupport Awesome Support
The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.
network
low complexity
getawesomesupport CWE-79
6.1