Security Advisory

CVE-2022-3511

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-28 13:47:23

Last updated 2025-04-25 20:00:55

Assigner WPScan

State PUBLISHED

Description

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector

← Browse all CVEs View on cve.org ↗