4 matches found
CVE-2025-14581
The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submitformreply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-14581
The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submitformreply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-14581 HAPPY – Helpdesk Support Ticket System <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply
The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submitformreply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-14581
CVE-2025-14581 affects the WordPress plugin “HAPPY – Helpdesk Support Ticket System.” The issue is an authorization bypass caused by a missing capability check on the submit_form_reply AJAX action, allowing authenticated users with Subscriber+ privileges to post replies to arbitrary tickets regar...