6 matches found
CVE-2025-12169
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...
CVE-2025-12169
The CVE-2025-12169 entry concerns ELEX WordPress HelpDesk & Customer Ticketing System (WordPress) with a missing capability check on wp_ajax_eh_crm_settings_empty_scheduled_actions, allowing authenticated subscribers (and above) to delete scheduled triggers in all versions up to 3.3.0. Connected ...
CVE-2025-12169 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...
CVE-2025-12169 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...
PT-2025-47664
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax eh crm settings empty scheduled actions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possibl...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion vulnerability
Missing Authorization to Authenitcated Subscriber+ to Scheduled Trigger Deletion vulnerability discovered by Legion Hunter in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.0...