Lucene search
K

184 matches found

Patchstack
Patchstack
added 2025/11/24 7:1 a.m.8 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by ifoundbug in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...

9.8CVSS7AI score0.00656EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/22 12:34 p.m.8 views

CVE-2025-10054

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmremoveagent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wit...

5.3CVSS5AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/22 12:33 p.m.9 views

CVE-2025-10039

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.5AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/22 5:36 a.m.14 views

CVE-2025-12023

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcrmrestoredata function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with...

4.3CVSS5.1AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/22 5:36 a.m.12 views

CVE-2025-12169

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...

4.3CVSS5.1AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/21 3:31 p.m.4 views

EUVD-2025-198487

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.1AI score0.00258EPSS
Exploits0References4
NVD
NVD
added 2025/11/21 1:15 p.m.5 views

CVE-2025-10039

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS0.00258EPSS
Exploits0References3
OSV
OSV
added 2025/11/21 1:15 p.m.3 views

CVE-2025-10054

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmremoveagent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wit...

4.3CVSS5.8AI score0.00253EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/21 12:28 p.m.5 views

CVE-2025-10039 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client'

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.2AI score0.00258EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/21 12:28 p.m.3 views

CVE-2025-10054 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmremoveagent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wit...

5.3CVSS4.7AI score0.00253EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/21 12:28 p.m.5 views

EUVD-2025-198489

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmremoveagent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wit...

5.3CVSS4.7AI score0.00253EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/11/21 8:21 a.m.9 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal vulnerability

Missing Authorization to Authenticated Subscriber+ Role Removal vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...

5.3CVSS7AI score0.00253EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/11/21 8:15 a.m.5 views

CVE-2025-11456

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...

9.8CVSS0.00656EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/21 7:31 a.m.10 views

CVE-2025-11456 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...

9.8CVSS0.00656EPSS
Exploits0References4
CVE
CVE
added 2025/11/21 7:31 a.m.24 views

CVE-2025-11456

CVE-2025-11456 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress. The vulnerability is an unauthenticated arbitrary file upload due to missing file-type validation in the eh_crm_new_ticket_post() function across all versions up to and including 3.3.1. The issue ...

9.8CVSS7.2AI score0.00656EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/21 7:31 a.m.3 views

CVE-2025-11456 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Unauthenticated Arbitrary File Upload

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...

9.8CVSS7.2AI score0.00656EPSS
Exploits0References4
OSV
OSV
added 2025/11/21 6:15 a.m.6 views

CVE-2025-12169

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References2
OSV
OSV
added 2025/11/21 6:15 a.m.2 views

CVE-2025-12023

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcrmrestoredata function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 6:15 a.m.7 views

CVE-2025-12022

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsrestoretrash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 6:15 a.m.4 views

CVE-2025-12085

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsemptytrash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS0.00168EPSS
Exploits0References2
Rows per page
Query Builder