URGENT unsecure ticket system

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author siamkreative

    (@siamkreative)

    Hi David,

    I’m not sure I understand.

    I’m not sure how you got into thinking that the plugin isn’t secure. It does check if the user is logged in, and more. Could you please point out the relevant bits of code here: https://github.com/Awesome-Support/Awesome-Support.

    Thanks

    Thread Starter David Rosendo

    (@drosendo)

    Hi!

    I Didn’t check the code, it’s just what happens!
    If you supply me an email I can show it on my site.

    May there be an conflict with the theme? Maybe! But still the plugin should not allow this.

    Here goes the test scenario:
    1. Open a ticket
    2. Admin reply to that ticket
    3. It will show you under the title the permalink, copy that url.
    4. Paste that url onto a logged out session.
    5. The information contain in that ticket is accessible by anyone.

    Ps: also attachments always trow a error saying that it could not be open, but they show up successfully in media library.

    Thanks,
    David

    Plugin Author siamkreative

    (@siamkreative)

    David, this shouldn’t be happening.

    Please get in touch with me at [email protected] and let’s take it from there.

    Thread Starter David Rosendo

    (@drosendo)

    Hi,

    My initial issue is not related to Awsome plugins but with my current theme.

    Thanks for the work and support!
    David

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘URGENT unsecure ticket system’ is closed to new replies.