
awesomesupport — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting awesomesupport. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Awesomesupport is a WordPress help desk plugin designed for customer support ticket management. Historically, it has been vulnerable to multiple remote code execution (RCE) flaws, cross-site scripting (XSS), and privilege escalation issues, with 12 CVEs documented. Notable security characteristics include insufficient input validation and improper access controls in its ticketing system. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations. Regular updates and proper configuration are essential to mitigate these security concerns.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4654 | Awesome Support <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter — Awesome Support – WordPress HelpDesk & Support Plugin | CWE-639 | 5.3 | Medium | 2026-04-08 |
| CVE-2025-12641 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion — Awesome Support – WordPress HelpDesk & Support Plugin | CWE-862 | 6.5 | Medium | 2026-01-16 |
| CVE-2025-58662 | WordPress Awesome Support plugin <= 6.3.5 - Deserialization of untrusted data vulnerability — Awesome Support | CWE-502 | 7.2 | High | 2025-09-22 |
| CVE-2025-53340 | WordPress Awesome Support plugin <= 6.3.6 - Sensitive Data Exposure vulnerability — Awesome Support | CWE-862 | 5.3 | Medium | 2025-09-09 |
| CVE-2024-13567 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory — Awesome Support – WordPress HelpDesk & Support Plugin | CWE-200 | 7.5 | High | 2025-04-01 |
| CVE-2024-54289 | WordPress Awesome Support plugin <= 6.3.1 - Broken Access Control vulnerability — Awesome Support | CWE-862 | 6.5 | Medium | 2024-12-13 |
| CVE-2023-48324 | WordPress Awesome Support HelpDesk plugin <= 6.1.4 - Broken Access control vulnerability — Awesome Support | CWE-862 | 5.4 | Medium | 2024-12-09 |
| CVE-2023-49757 | WordPress Awesome Support plugin <= 6.1.10 - Broken Access Control + CSRF vulnerability — Awesome Support | CWE-862 | 5.4 | Medium | 2024-12-09 |
| CVE-2023-49857 | WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability — Awesome Support | CWE-862 | 6.5 | Medium | 2024-12-09 |
| CVE-2024-0596 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via editor_html() — Awesome Support – WordPress HelpDesk & Support Plugin | CWE-862 | 5.3 | Medium | 2024-02-10 |
| CVE-2024-0594 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection — Awesome Support – WordPress HelpDesk & Support Plugin | CWE-89 | 8.8 | High | 2024-02-10 |
| CVE-2024-0595 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via wpas_get_users() — Awesome Support – WordPress HelpDesk & Support Plugin | CWE-862 | 4.3 | Medium | 2024-02-10 |

This page lists every published CVE security advisory associated with awesomesupport. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.