The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.
Published August 20, 2019.
Getawesomesupport Awesome Support
