CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/11/21 7:31 a.m.•9 views

CVE-2025-11815

CVE-2025-11815 documents a vulnerability in the UiPress lite plugin for WordPress (versions

4.3CVSS4.9AI score0.00197EPSS

Vulnrichment•added 2025/11/21 7:31 a.m.•2 views

CVE-2025-12135 WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS4.4AI score0.0025EPSS

Exploits0References7

EUVD•added 2025/11/21 7:31 a.m.•3 views

EUVD-2025-198407

The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpajaxnoprivcheckboxcleanlog' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...

5.3CVSS5AI score0.00196EPSS

OSV•added 2025/11/21 6:15 a.m.•3 views

CVE-2025-12169

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...

4.3CVSS5.8AI score0.00164EPSS

NVD•added 2025/11/21 6:15 a.m.•9 views

CVE-2025-12169

OSV•added 2025/11/21 6:15 a.m.•2 views

CVE-2025-12022

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsrestoretrash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00164EPSS

NVD•added 2025/11/21 6:15 a.m.•4 views

CVE-2025-12022

NVD•added 2025/11/21 6:15 a.m.•2 views

CVE-2025-12085

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsemptytrash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

NVD•added 2025/11/21 6:15 a.m.•4 views

CVE-2025-12023

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcrmrestoredata function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with...

OSV•added 2025/11/21 6:15 a.m.•3 views

CVE-2025-12085

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsemptytrash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00164EPSS

Cvelist•added 2025/11/21 5:32 a.m.•9 views

CVE-2025-12169 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion

Vulnrichment•added 2025/11/21 5:32 a.m.•9 views

CVE-2025-12169 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion

4.3CVSS4.7AI score0.00164EPSS

EUVD•added 2025/11/21 5:32 a.m.•5 views

EUVD-2025-198378

4.3CVSS4.7AI score0.00164EPSS

EUVD•added 2025/11/21 5:32 a.m.•3 views

EUVD-2025-198381

4.3CVSS4.6AI score0.00164EPSS

EUVD•added 2025/11/21 5:32 a.m.•5 views

EUVD-2025-198380

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsemptytrash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS4.6AI score0.00164EPSS

Positive Technologies•added 2025/11/21 12:0 a.m.•5 views

PT-2025-47664

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax eh crm settings empty scheduled actions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possibl...

4.3CVSS5.1AI score0.00164EPSS

Positive Technologies•added 2025/11/21 12:0 a.m.•4 views

PT-2025-47663

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh crm settings empty trash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS5.1AI score0.00164EPSS

Positive Technologies•added 2025/11/21 12:0 a.m.•6 views

PT-2025-47682

The Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveDeployedContract' function in all versions up to, and including, 2.4.6. This makes it possible for...

4.3CVSS5.1AI score0.00197EPSS

Positive Technologies•added 2025/11/21 12:0 a.m.•5 views

PT-2025-47662

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh crm restore data function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wi...

4.3CVSS5.1AI score0.00164EPSS