CVE-2023-5355
📋 TL;DR
This vulnerability in the Awesome Support WordPress plugin allows ticket submitters to delete arbitrary files on the server due to improper path sanitization. Attackers can exploit this to delete critical system files, potentially causing service disruption or complete system compromise. All WordPress sites running Awesome Support plugin versions before 6.1.5 are affected.
💻 Affected Systems
- Awesome Support WordPress Plugin
📦 What is this software?
Awesome Support by Getawesomesupport
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through deletion of critical system files, leading to service disruption, data loss, or privilege escalation.
Likely Case
Deletion of WordPress configuration files, plugin files, or user uploads causing website malfunction or data loss.
If Mitigated
Limited impact if file permissions restrict deletion to web-accessible directories only.
🎯 Exploit Status
Exploitation requires ticket submission access, which may be available to registered users or guests depending on configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.1.5
Vendor Advisory: https://wpscan.com/vulnerability/d6f7faca-dacf-4455-a837-0404803d0f25
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Awesome Support plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 6.1.5+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable ticket attachment functionality
Temporarily disable file attachments in ticket submissions to prevent exploitation.
Restrict file permissions
Set restrictive permissions on critical directories to prevent deletion. Note that whether a file can be unlinked is decided by write permission on its parent directory, not by the file's own mode, so the web server user should not have write access to directories holding files it never needs to remove.
chmod 755 /var/www/html/wp-content/uploads
chmod 644 /var/www/html/wp-config.php
🧯 If You Can't Patch
- Disable the Awesome Support plugin entirely until patching is possible
- Implement web application firewall rules to block suspicious file deletion requests
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Awesome Support version. If version is below 6.1.5, system is vulnerable.
Check Version:
wp plugin list --name=awesome-support --field=version
Verify Fix Applied:
Confirm Awesome Support plugin version is 6.1.5 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events in web server logs
- Multiple failed file deletion attempts from same IP
Network Indicators:
- HTTP POST requests to plugin endpoints with path traversal patterns
SIEM Query:
source="web_server.logs" AND (uri="/wp-admin/admin-ajax.php" OR uri LIKE "%/awesome-support%") AND (method="POST") AND (uri_params LIKE "%delete%" OR uri_params LIKE "%../%")
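The SIEM query above expressed as a log filter, as an added example that is not from this advisory or the plugin: it scans constructed combined-format access-log lines for POST requests to admin-ajax.php or an awesome-support path whose query string contains "delete" or a traversal sequence, and reports IPs with repeated hits (the "multiple attempts from same IP" indicator). The action and parameter names in the sample lines are constructed placeholders, not the plugin's real endpoints, and only the query string is inspected because POST bodies are not in standard access logs.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
# Action/parameter names are placeholders, not the plugin's actual endpoints.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=example_delete&file=../../wp-config.php HTTP/1.1" 200 12
203.0.113.11 - - [10/Oct/2023:12:00:02 +0000] "GET /wp-content/plugins/awesome-support/assets/style.css HTTP/1.1" 200 5120
203.0.113.12 - - [10/Oct/2023:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 20
203.0.113.10 - - [10/Oct/2023:12:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=example_delete&file=..%2F..%2Fwp-config.php HTTP/1.1" 403 0
"""

# ip - - [timestamp] "METHOD target HTTP/x" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_suspicious(method, target):
    """Mirror the SIEM query: POST to admin-ajax.php or an awesome-support
    path, with 'delete' or a traversal sequence in the query string."""
    if method != "POST":
        return False
    parts = urlsplit(target)
    if not (parts.path == "/wp-admin/admin-ajax.php" or "/awesome-support" in parts.path):
        return False
    # Decode twice so single- and double-URL-encoded traversal is caught.
    query = unquote(unquote(parts.query)).lower()
    return "delete" in query or "../" in query or "..\\" in query


def find_hits(log_text):
    """Return (ip, status, target) for every matching request line."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspicious(m["method"], m["target"]):
            hits.append((m["ip"], m["status"], m["target"]))
    return hits


def repeat_offenders(hits, threshold=2):
    """IPs that produced at least `threshold` suspicious requests."""
    counts = {}
    for ip, _, _ in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)
```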