
1162 matches found

CVE
added 2026/02/20 3:46 p.m., 7 views

CVE-2025-67977

CVE-2025-67977 describes a Missing Authorization vulnerability in the WordPress plugin “HAPPY – Helpdesk Support Ticket System” (versions up to and including 1.0.8). According to Red Hat/NVD/CVE records, the flaw is a Broken Access Control via incorrectly configured access levels, enabling unauth...

8.2 CVSS, 5.5 AI score, 0.00269 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/02/20 12:0 a.m., 2 views

PT-2026-21050

Name of the Vulnerable Software and Affected Versions VillaTheme HAPPY versions through 1.0.8 Description The software contains a missing authorization flaw due to incorrectly configured access control security levels. This allows for potential exploitation. Recommendations Update VillaTheme HAPP...

5.4 AI score, 0.00269 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-21102

Name of the Vulnerable Software and Affected Versions ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System versions through 3.3.5 Description The ELEX WordPress HelpDesk & Customer Ticketing System has a flaw related to incorrectly configured access control security levels, potentiall...

5.4 AI score, 0.00248 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2026/02/06 1:30 p.m., 6 views

CVE-2025-14079

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is exposed to low-privileg...

5.3 CVSS, 5.4 AI score, 0.00268 EPSS
Exploits: 0, References: 1
NVD
added 2026/02/05 10:16 a.m., 3 views

CVE-2025-14079

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is exposed to low-privileg...

5.3 CVSS, 0.00268 EPSS
Exploits: 0, References: 3
CVE
added 2026/02/05 9:13 a.m., 15 views

CVE-2025-14079

CVE-2025-14079 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress, up to version 3.3.5. The root cause is missing capability checks on eh_crm_ticket_general combined with a shared nonce exposed to low-privilege users, allowing authenticated attackers with Subscri...

5.3 CVSS, 5.3 AI score, 0.00268 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/02/05 9:13 a.m., 23 views

CVE-2025-14079 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is exposed to low-privileg...

5.3 CVSS, 0.00268 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/02/05 9:13 a.m., 4 views

CVE-2025-14079

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is exposed to low-privileg...

5.3 CVSS, 5.4 AI score, 0.00268 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/02/05 9:13 a.m., 4 views

CVE-2025-14079 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is exposed to low-privileg...

5.3 CVSS, 5.4 AI score, 0.00268 EPSS
Exploits: 0, References: 3
EUVD
added 2026/02/05 9:13 a.m., 3 views

EUVD-2025-206869

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_general function combined with a shared nonce that is exposed to low-privileg...

5.3 CVSS, 5.4 AI score, 0.00268 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/02/05 12:0 a.m., 3 views

WordPress plugin ELEX WordPress HelpDesk & Customer Ticketing System Security Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin ELEX WordPress HelpDesk & Customer...

5.3 CVSS, 5.7 AI score, 0.00268 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/02/05 12:0 a.m., 5 views

PT-2026-5878

Name of the Vulnerable Software and Affected Versions ELEX WordPress HelpDesk & Customer Ticketing System versions through 3.3.5 Description The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is susceptible to a missing authorization issue. This is caused by a lack of...

5.3 CVSS, 5.4 AI score, 0.00268 EPSS
Exploits: 0, References: 8
Patchstack
added 2026/02/04 11:3 p.m., 4 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.3.5...

5.3 CVSS, 5.4 AI score, 0.00268 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2026/02/03 10:16 p.m., 4 views

CVE-2020-37091

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

5.3 CVSS, 0.0015 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/02/03 10:1 p.m., 27 views

CVE-2020-37091 Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

5.3 CVSS, 0.0015 EPSS
Exploits: 0, References: 3
CVE
added 2026/02/03 10:1 p.m., 8 views

CVE-2020-37091

Maian Support Helpdesk 4.3 is affected by a cross-site request forgery (CSRF) vulnerability that allows attackers to create administrative accounts without authentication. Exploitation involves crafting malicious HTML forms to add admin users and upload PHP files via the FAQ attachment system, en...

5.3 CVSS, 5.2 AI score, 0.0015 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/02/03 10:1 p.m., 2 views

CVE-2020-37091

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

5.3 CVSS, 5.2 AI score, 0.0015 EPSS
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2026/02/03 12:0 a.m., 5 views

PT-2026-5841

Name of the Vulnerable Software and Affected Versions Maian Support Helpdesk version 4.3 Description The software contains a cross-site request forgery condition that permits attackers to create administrative accounts without needing to authenticate. Attackers can construct malicious HTML forms ...

5.3 CVSS, 5.2 AI score, 0.0015 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/01/31 12:0 a.m., 2 views

WordPress Plugin SupportCandy – Helpdesk & Customer Support Ticket System SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5 CVSS, 5.8 AI score, 0.00343 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/01/28 12:0 a.m., 3 views

PT-2026-5071

Name of the Vulnerable Software and Affected Versions SolarWinds Web Help Desk versions prior to 12.8.8 Hotfix 1 HF1 Description SolarWinds Web Help Desk is susceptible to a security control bypass. Successful exploitation could allow an unauthenticated attacker to gain access to restricted...

9.8 CVSS, 8.6 AI score, 0.88527 EPSS
Exploits: 5, References: 56