Browse 28+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI POC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4654 | Awesome Support <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 5.3 | 2026-04-08 07:43:03 | Deep Dive |
| CVE-2025-68837 | WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability | ELEXtensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 6.5 | 2026-02-20 15:46:42 | Deep Dive |
| CVE-2025-14079 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 5.3 | 2026-02-05 09:13:45 | Deep Dive |
| CVE-2025-12641 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 6.5 | 2026-01-16 04:44:35 | Deep Dive |
| CVE-2025-9343 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | High | 7.2 | 2025-12-21 03:20:04 | Deep Dive |
| CVE-2025-13534 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 6.3 | 2025-12-02 08:24:54 | Deep Dive |
| CVE-2025-10039 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 4.3 | 2025-11-21 12:28:10 | Deep Dive |
| CVE-2025-10054 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 4.3 | 2025-11-21 12:28:08 | Deep Dive |
| CVE-2025-11456 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Critical | 9.8 | 2025-11-21 07:31:54 | Deep Dive |
| CVE-2025-12169 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenticated (Subscriber+) to Scheduled Trigger Deletion | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 4.3 | 2025-11-21 05:32:08 | Deep Dive |
| CVE-2025-12085 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 4.3 | 2025-11-21 05:32:06 | Deep Dive |
| CVE-2025-12023 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 4.3 | 2025-11-21 05:32:06 | Deep Dive |
| CVE-2025-12022 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 4.3 | 2025-11-21 05:32:06 | Deep Dive |
| CVE-2025-9990 | WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion | smackcoders | WordPress Helpdesk Integration | High | 8.1 | 2025-09-05 02:25:02 | Deep Dive |
| CVE-2025-47658 | WordPress ELEX HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Arbitrary File Upload vulnerability | ELEXtensions | ELEX WordPress HelpDesk & Customer Ticketing System | Critical | 9.9 | 2025-05-23 12:43:23 | Deep Dive |
| CVE-2024-13567 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | High | 7.5 | 2025-04-01 05:22:46 | Deep Dive |
| CVE-2024-12171 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | elextensions | ELEX WordPress HelpDesk & Customer Ticketing System | High | 8.8 | 2025-02-01 03:21:13 | Deep Dive |
| CVE-2025-22762 | WordPress Octrace Support Pro plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability | Octrace | WordPress HelpDesk & Support Ticket System Plugin – Octrace Support | Medium | 5.9 | 2025-01-15 15:23:24 | Deep Dive |
| CVE-2024-12443 | CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | crmperks | CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout | Medium | 6.4 | 2024-12-16 22:24:38 | Deep Dive |
| CVE-2024-54274 | WordPress Octrace Support plugin <= 1.2.7 - Reflected Cross Site Scripting (XSS) vulnerability | Octrace | WordPress HelpDesk & Support Ticket System Plugin – Octrace Support | High | 7.1 | 2024-12-13 14:24:50 | Deep Dive |