{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T17:12:10.831","vulnerabilities":[{"cve":{"id":"CVE-2025-12641","sourceIdentifier":"security@wordfence.com","published":"2026-01-16T05:16:04.500","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpas_do_mr_activate_user' function not verifying that a user has permission to modify other users' roles, combined with a nonce reuse vulnerability where public registration nonces are valid for privileged actions because all actions share the same nonce namespace. This makes it possible for unauthenticated attackers to demote administrators to low-privilege roles via the 'wpas-do=mr_activate_user' action with a user-controlled 'user_id' parameter, granted they can access the publicly available registration/submit ticket page to extract a valid nonce."},{"lang":"es","value":"El plugin Awesome Support - WordPress HelpDesk &amp; Support para WordPress es vulnerable a un bypass de autorización debido a la falta de comprobaciones de capacidad en todas las versiones hasta la 6.3.6, inclusive. Esto se debe a que la función 'wpas_do_mr_activate_user' no verifica que un usuario tenga permiso para modificar los roles de otros usuarios, combinado con una vulnerabilidad de reutilización de nonce donde los nonces de registro públicos son válidos para acciones privilegiadas porque todas las acciones comparten el mismo espacio de nombres de nonce. Esto hace posible que atacantes no autenticados degraden a los administradores a roles de bajo privilegio a través de la acción 'wpas-do=mr_activate_user' con un parámetro 'user_id' controlado por el usuario, siempre que puedan acceder a la página de registro/envío de tickets disponible públicamente para extraer un nonce válido."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/awesome-support/tags/6.3.5/includes/functions-actions.php#L36","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/awesome-support/tags/6.3.5/includes/functions-actions.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/awesome-support/tags/6.3.5/includes/functions-user.php#L1686","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/awesome-support/tags/6.3.5/themes/default/registration.php#L183","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3435609/awesome-support/trunk/includes/functions-user.php?contextall=1","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a8e4ca-c16b-4e9d-8ad2-5a671fdbc49a?source=cve","source":"security@wordfence.com"}]}}]}