CVE-2022-3511: Awesome Support < 6.1.2 - Subscriber+ Arbitrary Exported Tickets Download
First published: Mon Nov 28 2022(Updated: )
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Awesome Support | <6.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-3511?
CVE-2022-3511 is a vulnerability in the Awesome Support WordPress plugin before version 6.1.2 that allows low privileged users to download arbitrary exported tickets.
How does CVE-2022-3511 affect the Awesome Support plugin?
CVE-2022-3511 affects the Awesome Support WordPress plugin before version 6.1.2 by allowing low privileged users, such as subscribers, to download arbitrary exported tickets without proper authorization.
What is the severity of CVE-2022-3511?
The severity of CVE-2022-3511 is medium with a CVSS score of 6.5.
How can I fix CVE-2022-3511?
To fix CVE-2022-3511, it is recommended to update the Awesome Support WordPress plugin to version 6.1.2 or later.
Where can I find more information about CVE-2022-3511?
More information about CVE-2022-3511 can be found at the following reference link: https://wpscan.com/vulnerability/9e57285a-0023-4711-874c-6e7b3c2673d1
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/getawesomesupport
- canonical/awesome support