cleantalk
Vulnerabilities and Security Researches

Awesome Support – WordPress HelpDesk & Support Plugin, CVE-2024-13567

CVE, Research URL

CVE-2024-13567

Home page URL

Security reports for Awesome Support – WordPress HelpDesk & Support Plugin

Application

Awesome Support – WordPress HelpDesk & Support Plugin

Published on
Apr 01, 2025
Research Description
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/awesome-support directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 6.3.1.
Affected versions
Min -, max 6.3.2.
Status
vulnerable
Previous vulnerability researches
Translate Multilingual sites – TranslatePress (CVE-2024-34827) , Jun 07, 2024
Translate Multilingual sites – TranslatePress (CVE-2021-24610) , Jun 07, 2024
Translate Multilingual sites – TranslatePress (CVE-2022-3141) , Jun 07, 2024
Translate Multilingual sites – TranslatePress (CVE-2025-30773) , Mar 28, 2025
New vulnerability
ABC Notation (CVE-2025-31895) , Apr 03, 2025
Leartes TRY Exchange Rates (CVE-2025-31783) , Apr 03, 2025
Essential Real Estate (CVE-2025-30849) , Apr 03, 2025
SMS Abandoned Cart Recovery ✦ CartBoss (CVE-2025-31865) , Apr 03, 2025
HTML Forms (CVE-2025-31080) , Apr 03, 2025