CVE-2022-3511

Name of the Vulnerable Software and Affected Versions Awesome Support WordPress plugin versions prior to 6.1.2

Description The issue allows a low-privileged user, such as a subscriber, to download arbitrary exported tickets via an IDOR vector. This occurs because the plugin does not ensure that the exported tickets archive to be downloaded belongs to the user making the request.

Recommendations For versions prior to 6.1.2, update to version 6.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ticket export feature to minimize the risk of exploitation.