Elula

Wsdesk

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-13534

  • EPSS 0.06%
  • Veröffentlicht 02.12.2025 08:24:53
  • Zuletzt bearbeitet 04.12.2025 18:04:48

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This mak...

4.3

CVE-2025-10039

  • EPSS 0.04%
  • Veröffentlicht 21.11.2025 12:28:10
  • Zuletzt bearbeitet 26.11.2025 16:49:15

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'eh_crm_ticket_single_view_client' due to missing validation on a user ...

4.3

CVE-2025-10054

  • EPSS 0.04%
  • Veröffentlicht 21.11.2025 12:28:07
  • Zuletzt bearbeitet 26.11.2025 16:44:10

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_remove_agent' function in all versions up to, and including, 3.3.1. This ...

9.8

CVE-2025-11456

  • EPSS 0.35%
  • Veröffentlicht 21.11.2025 07:31:53
  • Zuletzt bearbeitet 26.11.2025 16:51:45

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the eh_crm_new_ticket_post() function in all versions up to, and including, 3.3.1. This makes ...

4.3

CVE-2025-12169

  • EPSS 0.04%
  • Veröffentlicht 21.11.2025 05:32:07
  • Zuletzt bearbeitet 03.12.2025 18:29:07

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_eh_crm_settings_empty_scheduled_actions' AJAX Action in all versions up ...

4.3

CVE-2025-12022

  • EPSS 0.04%
  • Veröffentlicht 21.11.2025 05:32:06
  • Zuletzt bearbeitet 03.12.2025 18:28:25

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_restore_trash' AJAX endpoint in all versions up to, and includin...

4.3

CVE-2025-12023

  • EPSS 0.04%
  • Veröffentlicht 21.11.2025 05:32:05
  • Zuletzt bearbeitet 03.12.2025 18:28:40

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This ...

4.3

CVE-2025-12085

  • EPSS 0.04%
  • Veröffentlicht 21.11.2025 05:32:05
  • Zuletzt bearbeitet 03.12.2025 18:28:50

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_empty_trash' function in all versions up to, and including, 3.3....

8.8

CVE-2025-47658

  • EPSS 0.1%
  • Veröffentlicht 23.05.2025 12:43:23
  • Zuletzt bearbeitet 05.12.2025 00:17:40

Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from ...

8.8

CVE-2024-12171

  • EPSS 0.21%
  • Veröffentlicht 01.02.2025 04:15:30
  • Zuletzt bearbeitet 24.02.2025 17:05:34

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it...