{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12023", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-21T14:46:47.792Z", "datePublished": "2025-11-21T05:32:05.530Z", "dateUpdated": "2026-04-08T16:49:36.139Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:36.139Z"}, "affected": [{"vendor": "elextensions", "product": "ELEX WordPress HelpDesk & Customer Ticketing System", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore tickets."}], "title": "ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4599b145-cb89-48d4-8581-e1ee7a7bd323?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "timeline": [{"time": "2025-10-21T15:01:57.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-11-20T17:01:39.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-21T14:48:15.564495Z", "id": "CVE-2025-12023", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:58:42.480Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12023", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-21T14:48:15.564495Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:54:06.699Z"}}], "cna": {"title": "ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "elextensions", "product": "ELEX WordPress HelpDesk & Customer Ticketing System", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.3.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-21T15:01:57.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-11-20T17:01:39.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4599b145-cb89-48d4-8581-e1ee7a7bd323?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions.php"}], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore tickets."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:36.139Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12023", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:49:36.139Z", "dateReserved": "2025-10-21T14:46:47.792Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-21T05:32:05.530Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elula:wsdesk:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "6D3C90F8-FBE9-409A-A29E-3D775928E2BF", "versionEndExcluding": "3.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore tickets."}], "id": "CVE-2025-12023", "lastModified": "2025-12-03T18:28:40.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-11-21T06:15:47.720", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4599b145-cb89-48d4-8581-e1ee7a7bd323?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T12:22:53.593272+00:00", "value": {"mitigation_remediation": ["Upgrade the ELEX WordPress HelpDesk & Customer Ticketing System plugin to a version newer than 3.3.1, which includes the missing authorization check for ticket restores.", "If an upgrade is not immediately possible, restrict the execution of the eh_crm_restore_data() function to administrators by adding a capability check or disabling the restore feature for all other user roles.", "Disable or restrict the ability for Subscriber or lower roles to view or edit tickets through an additional WordPress permissions plugin and monitor logs for unauthorized restore attempts."], "summary": {"action": "Apply Patch", "impact": "Unauthorized modification of customer tickets via missing authorization check"}, "threat_synthesis": {"affected_systems": "All installations of the ELEX WordPress HelpDesk & Customer Ticketing System plugin with version 3.3.1 or earlier are affected. The plugin is distributed as a WordPress add\u2011on by the vendor EleExtensions. Users of the free WordPress version of the plugin are at risk if they have not upgraded past version 3.3.1.", "description_and_impact": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin allows authenticated users with Subscriber level or higher to invoke the eh_crm_restore_data() function without performing a capability check. By exploiting this missing authorization, an attacker can restore tickets to a prior state or revert changes, effectively tampering with ticket data. The primary impact is the ability to modify or roll back support tickets, which can compromise data integrity and potentially leak sensitive information. This flaw aligns with CWE\u2011862, missing authorization. The CVSS base score of 4.3 places it in the moderate range, indicating that while the vulnerability is exploitable, it does not enable arbitrary code execution or privilege escalation beyond the existing user role.", "risk_and_exploitability": "The exploit requires authenticated access, so an attacker must first obtain a valid WordPress account with Subscriber or higher privileges. The EPSS score of less than 1% indicates a very low probability of real\u2011world exploitation, and the vulnerability is not listed in the CISA KEV catalog. However, the moderate CVSS rating means that once authenticated, the attacker can modify support ticket content, potentially leading to data tampering, loss of trust, and operational disruption. The lack of a remote exploit path and the need for legitimate account credentials further reduce immediate danger, but the flaw still permits a malicious user within the system to manipulate ticket history."}}}}, "created": "2025-11-24T09:09:20.827747+00:00", "updated": "2026-04-22T12:30:16.832360+00:00", "vendors": ["elextensions", "elextensions$PRODUCT$elex_wordpress_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}