ELEX WordPress HelpDesk & Customer Ticketing System
by ELEX
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-47658 | Cri | 0.64 | 9.9 | 0.00 | May 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Upload a Web Shell to a Web Server.This issue affects ELEX WordPress HelpDesk & Customer… | ||
| CVE-2025-9343 | Hig | 0.47 | 7.2 | 0.00 | Dec 21, 2025 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2025-68837 | Med | 0.42 | 6.5 | 0.00 | Feb 20, 2026 | Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer… | ||
| CVE-2025-14079 | Med | 0.27 | 5.3 | 0.00 | Feb 5, 2026 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is… | ||
| CVE-2025-13534 | 0.00 | — | 0.00 | Dec 2, 2025 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for… | |||
| CVE-2025-10039 | 0.00 | — | 0.00 | Nov 21, 2025 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'eh_crm_ticket_single_view_client' due to missing validation on a user controlled key. This makes it… | |||
| CVE-2025-11456 | 0.00 | — | 0.01 | Nov 21, 2025 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the eh_crm_new_ticket_post() function in all versions up to, and including, 3.3.1. This makes it possible for… | |||
| CVE-2025-12169 | 0.00 | — | 0.00 | Nov 21, 2025 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_eh_crm_settings_empty_scheduled_actions' AJAX Action in all versions up to, and including, 3.3.0.… | |||
| CVE-2025-12022 | 0.00 | — | 0.00 | Nov 21, 2025 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_restore_trash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it… | |||
| CVE-2025-12085 | 0.00 | — | 0.00 | Nov 21, 2025 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_empty_trash' function in all versions up to, and including, 3.3.1. This makes it possible for… | |||
| CVE-2025-12023 | 0.00 | — | 0.00 | Nov 21, 2025 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This makes it possible for… | |||
| CVE-2024-12171 | 0.00 | — | 0.00 | Feb 1, 2025 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated… |
- risk 0.64cvss 9.9epss 0.00
Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Upload a Web Shell to a Web Server.This issue affects ELEX WordPress HelpDesk & Customer…
- risk 0.47cvss 7.2epss 0.00
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer…
- risk 0.27cvss 5.3epss 0.00
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is…
- CVE-2025-13534Dec 2, 2025risk 0.00cvss —epss 0.00
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for…
- CVE-2025-10039Nov 21, 2025risk 0.00cvss —epss 0.00
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'eh_crm_ticket_single_view_client' due to missing validation on a user controlled key. This makes it…
- CVE-2025-11456Nov 21, 2025risk 0.00cvss —epss 0.01
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the eh_crm_new_ticket_post() function in all versions up to, and including, 3.3.1. This makes it possible for…
- CVE-2025-12169Nov 21, 2025risk 0.00cvss —epss 0.00
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_eh_crm_settings_empty_scheduled_actions' AJAX Action in all versions up to, and including, 3.3.0.…
- CVE-2025-12022Nov 21, 2025risk 0.00cvss —epss 0.00
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_restore_trash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it…
- CVE-2025-12085Nov 21, 2025risk 0.00cvss —epss 0.00
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_empty_trash' function in all versions up to, and including, 3.3.1. This makes it possible for…
- CVE-2025-12023Nov 21, 2025risk 0.00cvss —epss 0.00
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This makes it possible for…
- CVE-2024-12171Feb 1, 2025risk 0.00cvss —epss 0.00
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated…