4 matches found
CVE-2025-12023
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcrmrestoredata function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with...
EUVD-2025-198379
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsrestoretrash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated...
CVE-2025-12022
CVE-2025-12022 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin. It is caused by a missing capability check on the eh_crm_settings_restore_trash AJAX endpoint, allowing authenticated attackers with Subscriber-level access and above to restore all deleted tickets (versions up...
CVE-2025-12023 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcrmrestoredata function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with...