Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/11/22 5:36 a.m.12 views

CVE-2025-12169

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...

4.3CVSS5.1AI score0.00164EPSS
Exploits0References1
CVE
CVE
added 2025/11/21 5:32 a.m.10 views

CVE-2025-12169

The CVE-2025-12169 entry concerns ELEX WordPress HelpDesk & Customer Ticketing System (WordPress) with a missing capability check on wp_ajax_eh_crm_settings_empty_scheduled_actions, allowing authenticated subscribers (and above) to delete scheduled triggers in all versions up to 3.3.0. Connected ...

4.3CVSS4.7AI score0.00164EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/11/21 5:32 a.m.12 views

CVE-2025-12169 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...

4.3CVSS0.00164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/21 5:32 a.m.10 views

CVE-2025-12169 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...

4.3CVSS4.7AI score0.00164EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.7 views

PT-2025-47664

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax eh crm settings empty scheduled actions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possibl...

4.3CVSS5.1AI score0.00164EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/20 10:1 p.m.9 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion vulnerability

Missing Authorization to Authenitcated Subscriber+ to Scheduled Trigger Deletion vulnerability discovered by Legion Hunter in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.0...

4.3CVSS7AI score0.00164EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder