CVE-2024-0595: CWE-862 Missing Authorization in awesomesupport Awesome Support – WordPress HelpDesk & Support Plugin
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. CVE-2024-35741 is likely a duplicate of this issue.
AI Analysis
Technical Summary
CVE-2024-0595 is a missing authorization vulnerability (CWE-862) in the Awesome Support – WordPress HelpDesk & Support Plugin. The issue arises because the wpas_get_users() function, which is hooked via AJAX, lacks proper capability checks. This allows authenticated users with subscriber-level privileges or higher to access user data, including email addresses. The vulnerability affects all plugin versions up to 6.1.7. No official patch or fix has been referenced in the provided data, and no known exploits have been reported.
Potential Impact
An attacker with at least subscriber-level access can retrieve user email addresses from the WordPress site using the vulnerable plugin. This leads to unauthorized disclosure of user information but does not affect integrity or availability. The impact is limited to information disclosure of user emails.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict subscriber-level access where possible and monitor for plugin updates addressing this vulnerability.
CVE-2024-0595: CWE-862 Missing Authorization in awesomesupport Awesome Support – WordPress HelpDesk & Support Plugin
Description
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. CVE-2024-35741 is likely a duplicate of this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-0595 is a missing authorization vulnerability (CWE-862) in the Awesome Support – WordPress HelpDesk & Support Plugin. The issue arises because the wpas_get_users() function, which is hooked via AJAX, lacks proper capability checks. This allows authenticated users with subscriber-level privileges or higher to access user data, including email addresses. The vulnerability affects all plugin versions up to 6.1.7. No official patch or fix has been referenced in the provided data, and no known exploits have been reported.
Potential Impact
An attacker with at least subscriber-level access can retrieve user email addresses from the WordPress site using the vulnerable plugin. This leads to unauthorized disclosure of user information but does not affect integrity or availability. The impact is limited to information disclosure of user emails.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict subscriber-level access where possible and monitor for plugin updates addressing this vulnerability.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-01-16T14:19:26.414Z
- Cisa Enriched
- true
Threat ID: 682d983fc4522896dcbf0daa
Added to database: 5/21/2025, 9:09:19 AM
Last enriched: 4/9/2026, 5:36:22 AM
Last updated: 5/10/2026, 1:34:45 PM
Views: 66
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.