CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/02/20 4:22 p.m.•3 views

CVE-2025-68837

Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from...

6.5CVSS0.00042EPSS

Vulnrichment•added 2026/02/20 3:46 p.m.•1 views

CVE-2025-67977 WordPress HAPPY plugin <= 1.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through = 1.0.8...

8.2CVSS5.3AI score0.00056EPSS

Positive Technologies•added 2026/02/20 12:0 a.m.•2 views

PT-2026-21050

Name of the Vulnerable Software and Affected Versions VillaTheme HAPPY versions through 1.0.8 Description The software contains a missing authorization flaw due to incorrectly configured access control security levels. This allows for potential exploitation. Recommendations Update VillaTheme HAPP...

5.4AI score0.00056EPSS

Exploits0References3

Patchstack•added 2026/01/27 7:12 a.m.•3 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.5...

5.9AI score0.00042EPSS

Exploits0Affected Software1

NVD•added 2025/12/02 9:15 a.m.•2 views

CVE-2025-13534

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the ehcrmeditagent AJAX action. This makes it possible for authenticated attackers, with...

8.8CVSS0.00086EPSS

CVE•added 2025/12/02 8:24 a.m.•10 views

CVE-2025-13534

CVE-2025-13534 concerns the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress (versions

8.8CVSS5.4AI score0.00086EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2025/12/02 8:24 a.m.•1 views

CVE-2025-13534 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action

6.3CVSS5.3AI score0.00086EPSS

RedhatCVE•added 2025/11/22 8:35 a.m.•6 views

CVE-2025-11456

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...

9.8CVSS7.5AI score0.00647EPSS

RedhatCVE•added 2025/11/22 5:36 a.m.•4 views

CVE-2025-12085

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsemptytrash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS5.1AI score0.00036EPSS

RedhatCVE•added 2025/11/22 5:35 a.m.•4 views

CVE-2025-12022

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsrestoretrash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS5.1AI score0.00036EPSS

EUVD•added 2025/11/21 3:31 p.m.•1 views

EUVD-2025-198487

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.1AI score0.00034EPSS

EUVD•added 2025/11/21 9:30 a.m.•1 views

EUVD-2025-198426

9.8CVSS7AI score0.00647EPSS

Exploits0References6

OSV•added 2025/11/21 8:15 a.m.•0 views

CVE-2025-11456

9.8CVSS6.4AI score0.00647EPSS

NVD•added 2025/11/21 6:15 a.m.•2 views

CVE-2025-12023

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcrmrestoredata function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with...

4.3CVSS0.00036EPSS

OSV•added 2025/11/21 6:15 a.m.•1 views

CVE-2025-12085

4.3CVSS5.8AI score

Cvelist•added 2025/11/21 5:32 a.m.•5 views

CVE-2025-12022 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsrestoretrash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS0.00036EPSS

Vulnrichment•added 2025/11/21 5:32 a.m.•3 views

CVE-2025-12085 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty

4.3CVSS4.7AI score0.00036EPSS

CNNVD•added 2025/11/21 12:0 a.m.•1 views

WordPress plugin ELEX WordPress HelpDesk & Customer Ticketing System 安全漏洞

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. The WordPress ELEX WordPress HelpDesk & Customer Ticketing Syste...

4.3CVSS6.7AI score0.00034EPSS