Awesome Support WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing unauthenticated sensitive information exposure has been identified in the Awesome Support WordPress HelpDesk & Support Plugin, affecting all versions through 6.3.1. The issue arises from unprotected directories that allow unauthorized users to access sensitive data, such as file attachments from support tickets, stored in the 'wp-content/uploads/awesome-support' directory. This vulnerability was partially addressed in version 6.3.1.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including private file attachments from support tickets.

Reproduction

The vulnerability can be reproduced by accessing the 'wp-content/uploads/awesome-support' directory on a WordPress site with the affected plugin version. This can be done without authentication, allowing anyone to download sensitive files that may be present.

Remediation

Users are advised to update the Awesome Support WordPress HelpDesk & Support Plugin to version 6.3.2 or later.
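
For sites that ran an affected version, a review of past requests to the exposed directory helps establish whether attachments were fetched directly. The following is an added example, not code from this advisory or from the plugin: it scans web server access logs for requests under 'wp-content/uploads/awesome-support' that were answered with content. The combined log format, the function name find_attachment_fetches and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Directory named in the advisory as holding ticket attachments.
EXPOSED_PREFIX = "/wp-content/uploads/awesome-support/"

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_attachment_fetches(lines):
    """Map client IP -> [(time, path, status)] for requests under the exposed
    directory that the server answered with content (200 or 206)."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-log line
        # Drop the query string, decode %xx and collapse "//" before matching.
        path = re.sub(r"/{2,}", "/", unquote(m["path"].split("?", 1)[0]))
        if path.startswith(EXPOSED_PREFIX) and m["status"] in ("200", "206"):
            hits[m["ip"]].append((m["time"], path, int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jun/2025:10:01:02 +0000] "GET /wp-content/uploads/awesome-support/ HTTP/1.1" 200 1530 "-" "curl/8.5.0"',
    '203.0.113.7 - - [09/Jun/2025:10:01:05 +0000] "GET /wp-content/uploads/awesome-support/ticket_12/invoice.pdf HTTP/1.1" 200 48213 "-" "curl/8.5.0"',
    '192.0.2.44 - - [09/Jun/2025:10:02:00 +0000] "GET /wp-content/uploads/awesome%2Dsupport/ticket_12/id.png?x=1 HTTP/1.1" 200 7001 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [09/Jun/2025:10:03:00 +0000] "GET /wp-content/uploads/awesome-support/ticket_12/id.png HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [09/Jun/2025:10:04:00 +0000] "GET /wp-content/uploads/2025/06/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reqs in find_attachment_fetches(SAMPLE_LOG).items():
        print(ip, len(reqs), "served request(s)")
        for when, path, status in reqs:
            print("   ", when, status, path)
```

Access logs do not record whether a request carried a valid session, so each hit is a candidate for review rather than proof of unauthorized access.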

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 8.6
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.