CVE-2023-5355

Summary

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.

Affected Software

VendorProductVersion RangeStatus
UnknownAwesome Support0 < 6.1.5affected

Weaknesses

  • CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References