65 matches found
WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin Support Ticket Management System versions <= 1.9...
CVE-2025-13534
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, with...
CVE-2025-13534 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, with...
PT-2025-48655
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, wit...
CVE-2024-44644
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection in manage-tickets.php via the frm_id and aremark parameters due to lack of input validation. Public descriptions from CNVD, RH, CNNVD and CVE records indicate an attacker could execute arbitrary SQL and potentially steal sensitive database d...
EUVD-2020-2952
Malware in sbrugna...
EUVD-2014-1768
Malware in sbrugna...
EUVD-2023-51030
Malicious code in bioql PyPI...
EUVD-2024-33583
Malicious code in bioql PyPI...
CVE-2023-46864
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...
CVE-2020-10499
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request...
CVE-2024-31525
Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...
Peppermint access control error vulnerability
Peppermint is an open source ticket management system from Peppermint Labs. A security vulnerability exists in Peppermint version 0.4.6 that stems from improper access control that allows a regular user to elevate privileges to administrator...
CVE-2024-31525
Peppermint Ticket Management 0.4.6 is affected by an Incorrect Access Control vulnerability. A regular registered user can elevate privileges to administrator because the authorization check is performed on the client side and not validated server-side. This can result in actions like creating a ...
CVE-2024-10385
Ticket management system in DirectAdmin Evolution Skin is vulnerable to Cross-site Scripting (XSS), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. ...
CVE-2024-10385 Stored XSS in DirectAdmin Evo Skin
Ticket management system in DirectAdmin Evolution Skin is vulnerable to Cross-site Scripting (XSS), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. ...
CVE-2024-10385
CVE-2024-10385 affects DirectAdmin Evolution Skin’s ticket management system. It describes a stored XSS vulnerability that allows a low-privileged user to inject and persist malicious JavaScript; if an admin views the ticket, the script may perform privileged actions, including command execution....