The Awesome Support plugin for WordPress is vulnerable to a security issue. In versions up to and including 6.1.5, someone could trick a site administrator into performing an action (like clicking on a link) that would allow them to retrieve ticket replies and delete attachments without having to authenticate themselves. This problem happens because of missing or incorrect validation on certain functions.