CVE-2024-0596

MEDIUM

Awesome Support WordPress Plugin <= 6.1.7 - Authenticated Data Access via editor_html()

Title source: llm
STIX 2.1

Description

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. CVE-2024-35741 is likely a duplicate of this issue.

Scores

CVSS v3 5.3
EPSS 0.0040
EPSS Percentile 32.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
awesomesupport/Awesome Support – WordPress HelpDesk & Support Plugin < 6.1.7
getawesomesupport/awesome_support < 6.1.8
Published Feb 10, 2024
Tracked Since Feb 18, 2026