cleantalk
Vulnerabilities and Security Researches

Awesome Support – WordPress HelpDesk & Support Plugin, CVE-2024-0595

CVE, Research URL

CVE-2024-0595

Home page URL

Security reports for Awesome Support – WordPress HelpDesk & Support Plugin

Application

Awesome Support – WordPress HelpDesk & Support Plugin

Published on
Feb 10, 2024
Research Description
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails.
Affected versions
Min -, max 6.1.8.
Status
vulnerable
Previous vulnerability researches
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2023-49757) , Jun 10, 2024
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2024-24716) , Jun 10, 2024
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2023-48324) , Jun 10, 2024
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2024-54289) , Dec 15, 2024
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2023-49857) , Dec 15, 2024
New vulnerability
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-2314) , Apr 17, 2025
hockeydata LOS (CVE-2025-26889) , Apr 17, 2025
Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin (CVE-2025-27011) , Apr 17, 2025
Paid Videochat Turnkey Site – HTML5 PPV Live Webcams (CVE-2025-31380) , Apr 17, 2025
Royal Elementor Addons and Templates (CVE-2025-26990) , Apr 16, 2025