2 matches found
CVE-2025-14079
CVE-2025-14079 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress, up to version 3.3.5. The root cause is missing capability checks on eh_crm_ticket_general combined with a shared nonce exposed to low-privilege users, allowing authenticated attackers with Subscri...
EUVD-2025-206869
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the ehcrmticketgeneral function combined with a shared nonce that is exposed to low-privileg...