CVE-2024-0595

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 10, 2024

Updated: Feb 16, 2024

CWE ID 862

Summary

CVE-2024-0595 is a vulnerability affecting the Awesome Support – WordPress HelpDesk & Support Plugin. The issue lies in the wpas_get_users() function, which is hooked via AJAX and lacks sufficient capability checks. This flaw allows authenticated attackers with subscriber-level access or higher to gain unauthorized access to user data, specifically emails, in versions up to and including 6.1.7.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uKmFku
https://www.cve.org/CVERecord?id=CVE-2024-0595
https://nvd.nist.gov/vuln/detail/CVE-2024-0595

Back to Vulnerability Database

CVE-2024-0595

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations