CVE-2024-0594: 
WordPress vulnerability analysis and mitigation

CVE-2024-0594 affects the Awesome Support – WordPress HelpDesk & Support Plugin for WordPress, specifically versions up to and including 6.1.7. The vulnerability was discovered and disclosed on February 10, 2024. This security issue involves a union-based SQL Injection vulnerability that exists in the 'q' parameter of the wpas_get_users action (NVD).

The vulnerability stems from insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries. The issue specifically affects the wpas_get_users action, where the 'q' parameter can be manipulated to append additional SQL queries to existing ones. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability allows authenticated attackers with subscriber-level access or higher to execute additional SQL queries, potentially leading to the extraction of sensitive information from the database. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

Users should update to a version newer than 6.1.7 of the Awesome Support plugin. The vulnerability has been addressed through improved parameter escaping and SQL query preparation in newer versions (NVD).