Elextensions Elex Wordpress Helpdesk & Customer Ticketing System
14 CVEs affecting Elextensions Elex Wordpress Helpdesk & Customer Ticketing System. Latest disclosed: 2026-06-15. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-47658 | Critical | 9.9 | 2025-05-23 | Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-suppor… |
CVE-2025-11456 | Critical | 9.8 | 2025-11-21 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the… |
CVE-2024-12171 | High | 8.8 | 2025-02-01 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh… |
CVE-2026-48964 | High | 8.5 | 2026-06-15 | Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. |
CVE-2025-9343 | High | 7.2 | 2025-12-21 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions u… |
CVE-2025-68837 | Medium | 6.5 | 2026-02-20 | Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exp… |
CVE-2025-13534 | Medium | 6.3 | 2025-12-02 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2… |
CVE-2025-14079 | Medium | 5.3 | 2026-02-05 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5… |
CVE-2025-10039 | Medium | 4.3 | 2025-11-21 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and inclu… |
CVE-2025-10054 | Medium | 4.3 | 2025-11-21 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che… |
CVE-2025-12169 | Medium | 4.3 | 2025-11-21 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che… |
CVE-2025-12022 | Medium | 4.3 | 2025-11-21 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che… |
CVE-2025-12085 | Medium | 4.3 | 2025-11-21 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che… |
CVE-2025-12023 | Medium | 4.3 | 2025-11-21 | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che… |