elextensions — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting elextensions. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-68837 | WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 6.5 | Medium | 2026-02-20 |
| CVE-2025-14079 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 5.3 | Medium | 2026-02-05 |
| CVE-2025-9343 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-79 | 7.2 | High | 2025-12-21 |
| CVE-2025-13534 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-269 | 6.3 | Medium | 2025-12-02 |
| CVE-2025-10039 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-639 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-10054 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-11456 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-434 | 9.8 | Critical | 2025-11-21 |
| CVE-2025-12169 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenticated (Subscriber+) to Scheduled Trigger Deletion | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12085 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12023 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12022 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12751 | WSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset | WSChat – WordPress Live Chat | CWE-862 | 4.3 | Medium | 2025-11-19 |
| CVE-2025-10046 | ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - Authenticated (Admin+) SQL Injection | ELEX WooCommerce Google Shopping (Google Product Feed) | CWE-89 | 4.9 | Medium | 2025-09-06 |
| CVE-2025-53213 | WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability | ReachShip WooCommerce Multi-Carrier & Conditional Shipping | CWE-434 | 9.9 | Critical | 2025-08-20 |
| CVE-2025-47645 | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability | ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes | CWE-89 | 8.5 | High | 2025-07-16 |
| CVE-2025-47658 | WordPress ELEX HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Arbitrary File Upload vulnerability | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-434 | 9.9 | Critical | 2025-05-23 |
| CVE-2025-47643 | WordPress ELEX Product Feed for WooCommerce plugin <= 3.1.2 - SQL Injection Vulnerability | ELEX Product Feed for WooCommerce | CWE-89 | 7.6 | High | 2025-05-07 |
| CVE-2025-3280 | ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection | ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) | CWE-89 | 6.5 | Medium | 2025-04-24 |
| CVE-2025-31406 | WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerability | ELEX WooCommerce Request a Quote | CWE-862 | 4.3 | Medium | 2025-03-31 |
| CVE-2024-12171 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | ELEX WordPress HelpDesk & Customer Ticketing System | CWE-862 | 8.8 | High | 2025-02-01 |
| CVE-2025-22352 | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes Plugin <= 1.4.9 - SQL Injection vulnerability | ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes | CWE-89 | 7.6 | High | 2025-01-07 |
| CVE-2024-12266 | ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization | ELEX WooCommerce Dynamic Pricing and Discounts | CWE-862 | 6.5 | Medium | 2024-12-24 |
| CVE-2024-31364 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability | ELEX WooCommerce Dynamic Pricing and Discounts | CWE-352 | 4.3 | Medium | 2024-04-12 |
| CVE-2024-32105 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability | ELEX WooCommerce Dynamic Pricing and Discounts | CWE-352 | 4.3 | Medium | 2024-04-11 |
| CVE-2024-31255 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | ELEX WooCommerce Dynamic Pricing and Discounts | CWE-79 | 7.1 | High | 2024-04-07 |

This page lists every published CVE security advisory associated with elextensions. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.