{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12085", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-22T17:56:36.006Z", "datePublished": "2025-11-21T05:32:05.922Z", "dateUpdated": "2026-04-08T17:05:29.648Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:05:29.648Z"}, "affected": [{"vendor": "elextensions", "product": "ELEX WordPress HelpDesk & Customer Ticketing System", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_empty_trash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to empty the ticket trash."}], "title": "ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/89696d1c-8e6e-402a-9d7a-03fe0f364a72?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions-two.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "timeline": [{"time": "2025-10-22T18:11:54.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-11-20T17:00:40.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-21T14:48:14.935567Z", "id": "CVE-2025-12085", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:58:36.778Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12085", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-21T14:48:14.935567Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:54:01.107Z"}}], "cna": {"title": "ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "elextensions", "product": "ELEX WordPress HelpDesk & Customer Ticketing System", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.3.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-22T18:11:54.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-11-20T17:00:40.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/89696d1c-8e6e-402a-9d7a-03fe0f364a72?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions-two.php"}], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_empty_trash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to empty the ticket trash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:05:29.648Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12085", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:05:29.648Z", "dateReserved": "2025-10-22T17:56:36.006Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-21T05:32:05.922Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elula:wsdesk:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "6D3C90F8-FBE9-409A-A29E-3D775928E2BF", "versionEndExcluding": "3.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_empty_trash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to empty the ticket trash."}], "id": "CVE-2025-12085", "lastModified": "2025-12-03T18:28:50.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-11-21T06:15:47.877", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3399391/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions-two.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/89696d1c-8e6e-402a-9d7a-03fe0f364a72?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T11:57:17.849328+00:00", "value": {"mitigation_remediation": ["Update the ELEX WordPress HelpDesk & Customer Ticketing System plugin to the latest version", "Revoke or restrict the capability that allows Subscribers to use the empty trash feature by modifying role capabilities (e.g., via code or a role editor plugin)", "Monitor WordPress logs for unexpected calls to the empty\u2011trash AJAX endpoint and review any unauthorized activity"], "summary": {"action": "Apply update", "impact": "Unauthorized ticket trash deletion"}, "threat_synthesis": {"affected_systems": "WordPress sites running the ELEX WordPress HelpDesk & Customer Ticketing System plugin, versions up to and including 3.3.1. The plugin is offered by Elextensions under the free WordPress plugin titled \"ELEX WordPress HelpDesk & Customer Ticketing System.\"", "description_and_impact": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin contains a missing capability check in the function responsible for emptying the ticket trash. As a result, any authenticated user with a Subscriber role or higher can issue a request that deletes all tickets stored in the trash, causing potential data loss and disrupting ticket history. This flaw does not grant code execution or arbitrary system access, but it does allow an attacker to remove recoverable tickets and affect the service\u2019s integrity.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate impact, while an EPSS score of less than 1% suggests the likelihood of exploitation is currently low. The vulnerability is not listed in CISA\u2019s KEV catalogue. Exploitation requires an attacker to be authenticated with at least Subscriber-level access and to trigger the AJAX endpoint that empties the trash, which is an authenticated attack vector rather than a remote unauthenticated one."}}}}, "created": "2025-11-24T09:09:21.333061+00:00", "updated": "2026-04-22T12:00:05.912313+00:00", "vendors": ["elextensions", "elextensions$PRODUCT$elex_wordpress_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}