Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ELEX WordPress HelpDesk & Customer Ticketing System — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in ELEX WordPress HelpDesk & Customer Ticketing System, with AI-generated Chinese analysis, references, and POCs.

Vendor: elextensions

CVE IDTitleCVSSSeverityPublished
CVE-2025-68837 WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability CWE-862 6.5 Medium2026-02-20
CVE-2025-14079 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update CWE-862 5.3 Medium2026-02-05
CVE-2025-9343 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting CWE-79 7.2 High2025-12-21
CVE-2025-13534 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action CWE-269 6.3 Medium2025-12-02
CVE-2025-10039 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' CWE-639 4.3 Medium2025-11-21
CVE-2025-10054 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal CWE-862 4.3 Medium2025-11-21
CVE-2025-11456 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload CWE-434 9.8 Critical2025-11-21
CVE-2025-12169 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion CWE-862 4.3 Medium2025-11-21
CVE-2025-12022 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore CWE-862 4.3 Medium2025-11-21
CVE-2025-12023 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore CWE-862 4.3 Medium2025-11-21
CVE-2025-12085 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty CWE-862 4.3 Medium2025-11-21
CVE-2025-47658 WordPress ELEX HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Arbitrary File Upload vulnerability CWE-434 9.9 Critical2025-05-23
CVE-2024-12171 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation CWE-862 8.8 High2025-02-01

All 13 known CVE vulnerabilities affecting ELEX WordPress HelpDesk & Customer Ticketing System with full Chinese analysis, references, and POCs where available.