2 matches found
CVE-2024-12171
creationtimestamp| type| source ---|---|--- 2025-02-01 04:15:50+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lh3np2z4qf2c 2025-02-01 05:25:51+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/3715 2025-02-01 05:34:56+00:00| seen|...
CVE-2024-12171 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'ehcrmagentadduser' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated attackers, with...