PT-2025-14027 · WordPress · Awesome Support
Tim Coen · Published 2025-04-01 · Updated 2025-04-01 · CVE-2024-13567
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
The Awesome Support – WordPress HelpDesk & Support Plugin versions up to, and including, 6.3.1
Description
The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/awesome-support directory, which can contain file attachments included in support tickets. The vulnerability was partially patched in version 6.3.1.
Recommendations
For versions up to, and including, 6.3.1, consider restricting access to the /wp-content/uploads/awesome-support directory to minimize the risk of exploitation.
As a temporary workaround, avoid storing sensitive file attachments in support tickets until a full patch is available.
Update to a version later than 6.3.1 when available, as version 6.3.1 only partially patches the issue.
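To see whether files under this directory have already been served to direct requests, the web server access log can be reviewed. The script below is an added example, not part of the original advisory or the plugin's code; it assumes Common/Combined Log Format, and the sample log lines, IP addresses and file names are constructed.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Directory named in the advisory.
PROTECTED_PREFIX = "/wp-content/uploads/awesome-support/"

# Common/Combined Log Format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalized_path(target):
    """Percent-decode and collapse '//' and dot segments so path variants match."""
    path = unquote(urlsplit(target).path)
    trailing = path.endswith("/")
    path = normpath("/" + path.lstrip("/"))
    return path + "/" if trailing and path != "/" else path

def direct_fetches(lines):
    """Return {client_ip: [(timestamp, path), ...]} for served requests under the directory."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in ("GET", "HEAD"):
            continue
        path = normalized_path(m["target"])
        # 200/206 mean the server returned file content (or a directory listing).
        if path.lower().startswith(PROTECTED_PREFIX) and m["status"] in ("200", "206"):
            hits[m["ip"]].append((m["ts"], path))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '203.0.113.7 - - [02/Apr/2025:10:01:11 +0000] "GET /wp-content/uploads/awesome-support/ticket_12/scan.pdf HTTP/1.1" 200 48211 "-" "curl/8.5.0"',
    '203.0.113.7 - - [02/Apr/2025:10:01:12 +0000] "GET /wp-content//uploads/awesome-support/ticket_12/%69d.png HTTP/1.1" 200 9120 "-" "curl/8.5.0"',
    '198.51.100.4 - - [02/Apr/2025:10:02:40 +0000] "GET /wp-content/uploads/awesome-support/ticket_9/a.txt HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [02/Apr/2025:10:03:05 +0000] "GET /wp-content/uploads/2025/04/logo.png HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reqs in direct_fetches(SAMPLE).items():
        print(ip, len(reqs), "served request(s):", [p for _, p in reqs])
```

The access log does not record whether a request was authenticated, so every hit is a candidate for review rather than proof of disclosure. After access to the directory has been restricted, the same requests should appear with a 403 or 404 status and no longer be reported.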
Fix
Information Disclosure
Affected Products
Awesome Support