Vulnerability Platform

Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2025-68837	WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability	ELEXtensions	ELEX WordPress HelpDesk & Customer Ticketing System	Medium	6.5	2026-02-20 15:46:42	Deep Dive
CVE-2025-14079	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	Medium	5.3	2026-02-05 09:13:45	Deep Dive
CVE-2025-9343	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	High	7.2	2025-12-21 03:20:04	Deep Dive
CVE-2025-13534	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	Medium	6.3	2025-12-02 08:24:54	Deep Dive
CVE-2025-10039	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client'	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	Medium	4.3	2025-11-21 12:28:10	Deep Dive
CVE-2025-10054	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	Medium	4.3	2025-11-21 12:28:08	Deep Dive
CVE-2025-11456	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	Critical	9.8	2025-11-21 07:31:54	Deep Dive
CVE-2025-12169	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	Medium	4.3	2025-11-21 05:32:08	Deep Dive
CVE-2025-12022	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	Medium	4.3	2025-11-21 05:32:06	Deep Dive
CVE-2025-12023	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	Medium	4.3	2025-11-21 05:32:06	Deep Dive
CVE-2025-12085	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	Medium	4.3	2025-11-21 05:32:06	Deep Dive
CVE-2025-12751	WSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset	elextensions	WSChat – WordPress Live Chat	Medium	4.3	2025-11-19 05:45:11	Deep Dive
CVE-2025-10046	ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - Authenticated (Admin+) SQL Inejction	elextensions	ELEX WooCommerce Google Shopping (Google Product Feed)	Medium	4.9	2025-09-06 06:43:00	Deep Dive
CVE-2025-53213	WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability	ELEXtensions	ReachShip WooCommerce Multi-Carrier & Conditional Shipping	Critical	9.9	2025-08-20 08:03:17	Deep Dive
CVE-2025-47645	WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability	ELEXtensions	ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes	High	8.5	2025-07-16 11:28:03	Deep Dive
CVE-2025-47658	WordPress ELEX HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Arbitrary File Upload vulnerability	ELEXtensions	ELEX WordPress HelpDesk & Customer Ticketing System	Critical	9.9	2025-05-23 12:43:23	Deep Dive
CVE-2025-47643	WordPress ELEX Product Feed for WooCommerce plugin <= 3.1.2 - SQL Injection Vulnerability	ELEXtensions	ELEX Product Feed for WooCommerce	High	7.6	2025-05-07 14:20:42	Deep Dive
CVE-2025-3280	ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection	elextensions	ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)	Medium	6.5	2025-04-24 08:23:52	Deep Dive
CVE-2025-31406	WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerability	ELEXtensions	ELEX WooCommerce Request a Quote	Medium	4.3	2025-03-31 08:34:52	Deep Dive
CVE-2024-12171	ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation	elextensions	ELEX WordPress HelpDesk & Customer Ticketing System	High	8.8	2025-02-01 03:21:13	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List