Elula Wsdesk vulnerabilities
10 known vulnerabilities affecting elula/wsdesk.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 6
Vulnerabilities
CVE-2025-11456 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | fixed in 3.3.2 | 2025-11-21
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the eh_crm_new_ticket_post() function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server w
nvd
CVE-2025-47658 | P3 | HIGH | CVSS 8.8 | CWE-434 | fixed in 3.3.0 | 2025-05-23
Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.2.9.
nvd
CVE-2025-13534 | P3 | HIGH | CVSS 8.8 | CWE-269 | fixed in 3.3.3 | 2025-12-02
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to escalate their
nvd
CVE-2024-12171 | P3 | HIGH | CVSS 8.8 | CWE-862 | fixed in 3.2.7 | 2025-02-01
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new administra
nvd
CVE-2025-10054 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 3.3.2 | 2025-11-21
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_remove_agent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the
nvd
CVE-2025-12022 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 3.3.2 | 2025-11-21
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_restore_trash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above,
nvd
CVE-2025-10039 | P4 | MEDIUM | CVSS 4.3 | CWE-639 | fixed in 3.3.0 | 2025-11-21
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'eh_crm_ticket_single_view_client' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and
nvd
CVE-2025-12169 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 3.3.1 | 2025-11-21
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_eh_crm_settings_empty_scheduled_actions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Subscriber-level a
nvd
CVE-2025-12085 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 3.3.2 | 2025-11-21
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_empty_trash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to emp
nvd
CVE-2025-12023 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 3.3.2 | 2025-11-21
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore tic
nvd