CVE-2025-53340
BaseFortify
Publication date: 2025-09-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| awesome_support | awesome_support_plugin | 6.3.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53340 is a Missing Authorization vulnerability in the WordPress Awesome Support Plugin up to version 6.3.4. It allows unauthenticated attackers to access sensitive information that should normally be restricted. This is a type of Broken Access Control vulnerability where access controls fail to properly restrict data exposure to unauthorized users. [1]
How can this vulnerability impact me?
This vulnerability can lead to sensitive data exposure to unauthenticated attackers, potentially allowing them to gather information that could be used to exploit other weaknesses in the system. Although the CVSS score indicates a low severity impact, the exposure of sensitive information can still pose risks to the confidentiality of your data and overall system security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized access attempts to sensitive data exposed by the Awesome Support plugin. Since the vulnerability allows unauthenticated access, you can look for unusual HTTP requests targeting the plugin endpoints that should normally require authorization. However, plugin-based malware scanners may be unreliable for detecting exploitation. No specific commands are provided in the resources. It is recommended to use professional incident response services for thorough detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) as offered by Patchstack to provide protection in the absence of an official fix. Users should monitor for updates from the plugin developers and consider professional incident response services if a compromise is suspected. Since no official patch is available, restricting access to the plugin endpoints via web application firewall rules or other access controls may also help reduce risk. [1]