Lucene search
K

4 matches found

OSV
OSV
added 2025/11/21 6:15 a.m.2 views

CVE-2025-12023

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcrmrestoredata function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00164EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/21 5:32 a.m.5 views

EUVD-2025-198379

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsrestoretrash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS4.7AI score0.00164EPSS
Exploits0References3
CVE
CVE
added 2025/11/21 5:32 a.m.12 views

CVE-2025-12022

CVE-2025-12022 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin. It is caused by a missing capability check on the eh_crm_settings_restore_trash AJAX endpoint, allowing authenticated attackers with Subscriber-level access and above to restore all deleted tickets (versions up...

4.3CVSS4.7AI score0.00164EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/11/21 5:32 a.m.7 views

CVE-2025-12023 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcrmrestoredata function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with...

4.3CVSS0.00164EPSS
Exploits0References2
Rows per page
Query Builder