Lucene search
WPScanCVE-2022-3511HistoryNov 28, 2022 - 2:15 p.m.
CVE-2022-3511
2022-11-2814:15:12
WPScan
web.nvd.nist.gov
36
4
cve-2022-3511
awesome support
wordpress plugin
security
idor
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
32.8%
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector
Affected configurations
Node
getawesomesupportawesome_supportRange<6.1.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| getawesomesupport | awesome_support | * | cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Awesome Support",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "6.1.2"
}
],
"defaultStatus": "unaffected"
}
]Social References
More
Related
prion
prion
Design/Logic Flaw
2022-11-28 14:15:00
nvd
nvd
CVE-2022-3511
2022-11-28 14:15:12
cvelist
cvelist
patchstack
patchstack
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
32.8%
Related for CVE-2022-3511