CVE-2024-0596

Name of the Vulnerable Software and Affected Versions The Awesome Support – WordPress HelpDesk & Support Plugin versions up to, and including, 6.1.7

Description The issue is related to unauthorized access of data due to a missing capability check on the editor html() function. This allows authenticated attackers with subscriber-level access and above to view password protected and draft posts.

Recommendations For versions up to, and including, 6.1.7, update to a version higher than 6.1.7 to resolve the issue. As a temporary workaround, consider restricting access to the editor html() function until a patch is available.