Vulnerability Description
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive being downloaded belongs to the user making the request, allowing a low-privileged user, such as a subscriber, to download arbitrary exported tickets via an IDOR vector.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Getawesomesupport | Awesome Support | < 6.1.2 |
References
- https://wpscan.com/vulnerability/9e57285a-0023-4711-874c-6e7b3c2673d1 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-3511?
CVE-2022-3511 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as sub...
How severe is CVE-2022-3511?
CVE-2022-3511 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-3511?
Check the references section above for vendor advisories and patch information. Affected products include: Getawesomesupport Awesome Support.