6 matches found
CVE-2025-13534
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the ehcrmeditagent AJAX action. This makes it possible for authenticated attackers, with...
CVE-2025-13534
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the ehcrmeditagent AJAX action. This makes it possible for authenticated attackers, with...
EUVD-2025-200210
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the ehcrmeditagent AJAX action. This makes it possible for authenticated attackers, with...
CVE-2025-13534 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the ehcrmeditagent AJAX action. This makes it possible for authenticated attackers, with...
PT-2025-48655
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh crm edit agent AJAX action. This makes it possible for authenticated attackers, wit...
CVE-2022-30001
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agentid=...