Awesome Support WordPress Plugin Insecure Direct Object Reference Vulnerability

Vulnerability

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in the Awesome Support WordPress HelpDesk & Support Plugin, affecting versions through 6.3.7. The issue arises in the 'wpas_get_ticket_replies_ajax()' function, which does not properly verify if the authenticated user has the right to view the requested ticket. This flaw enables authenticated users with subscriber-level access or higher to access sensitive information from all support tickets by manipulating the 'ticket_id' parameter.

Impact

Exploitation of this vulnerability allows unauthorized access to ticket replies, potentially exposing sensitive information.

Reproduction

To reproduce this vulnerability, an authenticated user with subscriber-level access can send a request to the 'wpas_get_ticket_replies_ajax()' function. The request must include a 'ticket_id' parameter for a ticket the user does not have permission to view. The absence of proper authorization checks will result in the response containing replies from the specified ticket, bypassing access controls.
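The missing control is an object-level authorization check between the caller and the specific ticket named by 'ticket_id'. The following handler is an added illustration of that check, not Awesome Support's own code; the action name, the 'ticket' and 'ticket_reply' post types, the '_wpas_assignee' meta key and the nonce action are assumptions chosen for the example.

```php
<?php
// Added example (not the plugin's code). Assumed: tickets are the custom post type
// 'ticket', replies are 'ticket_reply' children of the ticket, and the assigned agent
// is stored in post meta '_wpas_assignee'. All of these names are assumptions.

add_action( 'wp_ajax_example_get_ticket_replies', 'example_get_ticket_replies_ajax' );

// Decide whether the current user may view this particular ticket: its author,
// its assigned agent, or staff able to edit the post. Anything else is denied.
function example_user_can_view_ticket( int $ticket_id ): bool {
    $ticket = get_post( $ticket_id );
    if ( ! $ticket || 'ticket' !== $ticket->post_type ) {
        return false; // Unknown id or not a ticket: deny without revealing which.
    }
    $user_id = get_current_user_id();
    if ( (int) $ticket->post_author === $user_id ) {
        return true;
    }
    if ( (int) get_post_meta( $ticket_id, '_wpas_assignee', true ) === $user_id ) {
        return true;
    }
    // Staff check bound to this specific post, not a global "is logged in" test.
    return current_user_can( 'edit_post', $ticket_id );
}

function example_get_ticket_replies_ajax(): void {
    check_ajax_referer( 'example_ticket_replies', 'nonce' ); // CSRF protection.

    $ticket_id = isset( $_POST['ticket_id'] ) ? absint( $_POST['ticket_id'] ) : 0;

    // The IDOR fix: the client-supplied ticket_id is not acted on until the
    // caller's relationship to that ticket has been verified server-side.
    if ( 0 === $ticket_id || ! example_user_can_view_ticket( $ticket_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed to view this ticket.' ), 403 );
    }

    $replies = get_posts( array(
        'post_type'   => 'ticket_reply',
        'post_parent' => $ticket_id,
        'post_status' => 'any',
        'numberposts' => -1,
        'orderby'     => 'date',
        'order'       => 'ASC',
    ) );

    $out = array();
    foreach ( $replies as $reply ) {
        $out[] = array(
            'id'      => $reply->ID,
            'author'  => (int) $reply->post_author,
            'content' => wp_kses_post( $reply->post_content ),
            'date'    => $reply->post_date_gmt,
        );
    }
    wp_send_json_success( $out );
}
```

Logging the denied requests (user id plus the rejected ticket_id) gives a simple detection signal for enumeration attempts against handlers of this kind.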

Remediation

Users are advised to update the Awesome Support WordPress Plugin to version 6.3.8 or later.

Added: Apr 8, 2026, 9:22 AM
Updated: Apr 8, 2026, 9:22 AM

Vulnerability Rating

Custom Algorithm

  spread          5.2
  impact          2.5
  exploitability  6.4
  remediation     7.7
  relevance       5.5
  threat          4.8
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.