{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12022", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-21T14:44:41.416Z", "datePublished": "2025-11-21T05:32:06.379Z", "dateUpdated": "2026-04-08T17:10:38.123Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:10:38.123Z"}, "affected": [{"vendor": "elextensions", "product": "ELEX WordPress HelpDesk & Customer Ticketing System", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_restore_trash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore all deleted tickets."}], "title": "ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/982b23c5-2414-48f7-a2f5-96fef54f8d69?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-archive-ajax-functions.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "timeline": [{"time": "2025-10-21T14:59:53.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-11-20T16:58:48.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-21T14:48:14.184076Z", "id": "CVE-2025-12022", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:58:31.374Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12022", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-21T14:48:14.184076Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:54:00.409Z"}}], "cna": {"title": "ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "elextensions", "product": "ELEX WordPress HelpDesk & Customer Ticketing System", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.3.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-21T14:59:53.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-11-20T16:58:48.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/982b23c5-2414-48f7-a2f5-96fef54f8d69?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-archive-ajax-functions.php"}], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_restore_trash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore all deleted tickets."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-11-21T05:32:06.379Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12022", "state": "PUBLISHED", "dateUpdated": "2025-11-21T14:58:31.374Z", "dateReserved": "2025-10-21T14:44:41.416Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-21T05:32:06.379Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elula:wsdesk:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "6D3C90F8-FBE9-409A-A29E-3D775928E2BF", "versionEndExcluding": "3.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_restore_trash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore all deleted tickets."}], "id": "CVE-2025-12022", "lastModified": "2025-12-03T18:28:25.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-11-21T06:15:47.557", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-archive-ajax-functions.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/982b23c5-2414-48f7-a2f5-96fef54f8d69?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T16:36:31.570836+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011released patch or update the ELEX plugin to the latest available version.", "Remove or disable the restore capability for Subscriber\u2011level and lower roles using the WordPress role editor or by adding custom code that revokes the capability.", "Restrict access to the 'eh_crm_settings_restore_trash' AJAX endpoint for Subscriber roles by configuring your web server firewall, .htaccess rules, or a security plugin that limits AJAX requests based on user role."], "summary": {"action": "Patch", "impact": "Unauthorized restoration of deleted tickets by authenticated (Subscriber+) users"}, "threat_synthesis": {"affected_systems": "All installations of the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress up to and including version 3.3.1 are affected. The issue is tied to the plugin's core directory, specifically the AJAX handler for restoring trashed tickets. No other versions or products from other vendors are listed as affected.", "description_and_impact": "The vulnerability arises from a missing capability check on the 'eh_crm_settings_restore_trash' AJAX endpoint in the ELEX WordPress HelpDesk & Customer Ticketing System plugin. Because the endpoint lacks proper authorization validation, any authenticated user with Subscriber-level access and higher can invoke the endpoint to restore all previously deleted tickets. This enables an attacker to recover deleted ticket data, potentially exposing sensitive customer information and compromising the integrity of the support system. The weakness, classified as CWE-862 Missing Authorization Check, is a moderate privilege escalation flaw with a CVSS score of 4.3.", "risk_and_exploitability": "The risk is moderate due to the CVSS score of 4.3 and a very low EPSS (<1%), indicating that automated exploitation is unlikely. The flaw is not listed in the CISA KEV catalog, suggesting it has not been widely exploited in the wild. The attack vector is local to a user who is authenticated with the site; an attacker needs to know the AJAX endpoint URL or use the plugin\u2019s UI to trigger the restore. An authenticated Subscriber or higher\u2011level role can perform the action, so the impact is confined to the data within the ticketing system rather than the entire WordPress installation."}}}}, "created": "2025-11-24T09:09:20.355413+00:00", "updated": "2026-04-22T16:45:21.457814+00:00", "vendors": ["elextensions", "elextensions$PRODUCT$elex_wordpress_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}